
Zonebac / Whataboutdog Clean Up


  • This topic is locked
16 replies to this topic

#1 myrtle

myrtle


Posted 21 October 2007 - 10:42 AM

Started pc yesterday and Symantec reported that I had the trojan zonebac but it couldn't quarantine or delete. (Symantec had the latest updates from 10/19). I've never ever had a machine infected that I myself had sole usage of. My middle son - early 30s - is now using this pc -- maybe for a couple of months and voila!

So I stopped the zonebac process, and then Symantec was able to quarantine. Symantec then proceeded to report ituneshelper.exe with a problem and it couldn't quarantine or delete, then something called msmmsgs, so I shut down, opened in safe mode, with networking, ran a full system scan. It identified no threats; however, what I noticed was that it identified several files it could not access - now I know that can't be good.

So I then started digging around and discovered in my trusted sites whataboutdog.com and doginhispen.com. Googled about that nonsense, found your site and reviewed some posts. Seemed to me you had a handle on this so I joined, followed the tutorial for cleaning up the system before I post, and am here to deliver my awf file and my hijackthis.log as below. I'd also like some idea of what it is we could have done to allow this to occur. Windows firewall was on (I know it's not the greatest but figured better than nothing.) I'm using comcast broadband, Symantec is updated on a weekly basis (sometimes more depending on the circumstances), I thought comcast was using some kind of scanning on their email...anyway, any ideas as to how I can prevent a reoccurrence since it's eaten up quite a bit of time which, like everyone, I don't have to give. Speaking of which THANKS SO MUCH for spending your precious time helping out the teeming masses -- without this sort of help, we'd all be reformatting hard drives every time we turn around.

Thanks,

Myrtle


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Sat 10/20/2007
The current time is: 13:29:48.59


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 02:00 AM 90,112 UpdReg.EXE
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\DELLAI~1\BAK

05/12/2003 04:02 PM 270,336 dlbkbmgr.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 10:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 02:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 12:24 PM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

08/02/2004 08:36 PM 124,232 VPTray.exe
1 File(s) 124,232 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 06:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

01/02/2006 06:41 PM 45,056 cli.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

06/09/2004 09:31 PM 66,680 ccApp.exe
1 File(s) 66,680 bytes

Directory of C:\PROGRA~1\CREATIVE\VOICEC~1\BAK

02/16/2006 10:20 AM 1,118,208 AndreaVC.exe
1 File(s) 1,118,208 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

07/12/2005 08:05 PM 1,117,184 MSKDetct.exe
1 File(s) 1,117,184 bytes

Directory of C:\PROGRA~1\RETROS~1\RETROS~1.1\BAK

02/06/2006 09:22 AM 18,583,552 RetroExpress.exe
1 File(s) 18,583,552 bytes

Directory of C:\PROGRA~1\ROXIO\DRAG-T~1\BAK

07/31/2006 09:00 AM 1,116,920 DrgToDsc.exe
1 File(s) 1,116,920 bytes

Directory of C:\PROGRA~1\ROXIO\MEDIAE~1\BAK

08/14/2006 01:07 AM 102,400 DMXLauncher.exe
1 File(s) 102,400 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 05:50 PM 81,920 issch.exe
07/27/2004 05:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

03/11/2007 05:58 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDIGY\SURROU~1\BAK

10/31/2005 11:51 AM 57,344 CTSysVol.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MAXTOR\ONETOUCH\UTILS\BAK

03/27/2006 04:04 PM 712,704 Onetouch.exe
1 File(s) 712,704 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

08/10/2006 12:10 PM 221,184 RoxWatchTray9.exe
1 File(s) 221,184 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 29 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 29 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\bak\AndreaVC.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak\RetroExpress.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\bak\DMXLauncher.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
81920 Jul 27 2004 "C:\Documents and Settings\Joseph Maertzig\Local Settings\Temp\pft106.tmp\Common\InstallShield\UpdateService\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
221184 Jul 27 2004 "C:\Documents and Settings\Joseph Maertzig\Local Settings\Temp\pft106.tmp\Common\InstallShield\UpdateService\ISUSPM.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe"
163840 Dec 7 2005 "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
159744 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
221184 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
163840 Dec 7 2005 "C:\Documents and Settings\Joseph Maertzig\Local Settings\Temp\pft106.tmp\Common\Roxio Shared\SharedCOM8\RoxWatchTray.exe"


end of report

**************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:34 AM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061116
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061116
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Screen Shot Deluxe 4.0.lnk = C:\Program Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - https://reporting.drexel.edu/Hyperion/zeroa....Insight.en.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - https://banner.drexel.edu/forms90/jinitiator/jinit.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8679 bytes



#2 SifuMike

SifuMike

    malware expert



Posted 23 October 2007 - 01:49 PM

Hello myrtle,

I am SifuMike and I will be helping you. :thumbsup:


Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\WINDOWS\bak\UpdReg.EXE"
"C:\Program Files\Dell Support\bak\DSAgnt.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Creative\VoiceCenter\bak\AndreaVC.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
"C:\Program Files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe"
"C:\Program Files\Roxio\Media Experience\bak\DMXLauncher.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert



Posted 01 November 2007 - 11:27 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4 SifuMike

SifuMike

    malware expert



Posted 05 November 2007 - 10:23 AM

Thread reopened. :thumbsup:

#5 myrtle

myrtle
  • Topic Starter


Posted 05 November 2007 - 11:41 AM

Appreciate the reopening.

So, I reran awf following your instructions and below is the output of the new log:


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Mon 11/05/2007
The current time is: 9:04:47.70


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 01:00 AM 90,112 UpdReg.EXE
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\DELLAI~1\BAK

05/12/2003 03:02 PM 270,336 dlbkbmgr.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 09:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

08/02/2004 07:36 PM 124,232 VPTray.exe
1 File(s) 124,232 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 02:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 05:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

01/02/2006 05:41 PM 45,056 cli.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

06/09/2004 08:31 PM 66,680 ccApp.exe
1 File(s) 66,680 bytes

Directory of C:\PROGRA~1\CREATIVE\VOICEC~1\BAK

02/16/2006 09:20 AM 1,118,208 AndreaVC.exe
1 File(s) 1,118,208 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

07/12/2005 07:05 PM 1,117,184 MSKDetct.exe
1 File(s) 1,117,184 bytes

Directory of C:\PROGRA~1\RETROS~1\RETROS~1.1\BAK

02/06/2006 08:22 AM 18,583,552 RetroExpress.exe
1 File(s) 18,583,552 bytes

Directory of C:\PROGRA~1\ROXIO\DRAG-T~1\BAK

07/31/2006 08:00 AM 1,116,920 DrgToDsc.exe
1 File(s) 1,116,920 bytes

Directory of C:\PROGRA~1\ROXIO\MEDIAE~1\BAK

08/14/2006 12:07 AM 102,400 DMXLauncher.exe
1 File(s) 102,400 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

03/11/2007 04:58 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDIGY\SURROU~1\BAK

10/31/2005 10:51 AM 57,344 CTSysVol.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MAXTOR\ONETOUCH\UTILS\BAK

03/27/2006 03:04 PM 712,704 Onetouch.exe
1 File(s) 712,704 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

08/10/2006 11:10 AM 221,184 RoxWatchTray9.exe
1 File(s) 221,184 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 May 11 2000 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\DSAgnt.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 20 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 29 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\bak\AndreaVC.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak\RetroExpress.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\bak\DMXLauncher.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\Onetouch.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe"
163840 Dec 7 2005 "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
159744 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
221184 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"


end of report
*************************************************

Thanks for continuing to work on this.

Ciao,

Myrtle

#6 SifuMike

SifuMike

    malware expert



Posted 05 November 2007 - 12:40 PM

Hi myrtle,

Looks like we have some more files to restore.

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
"C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak\RetroExpress.exe"
"C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
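The four files in the reply above are the bak entries in the 11/05 FindAWF log that have no copy of the same size and date in the parent folder. The following is an added example, not part of the thread and not FindAWF's own code, that derives that list from an excerpt of the log's "Duplicate files" section. The matching rule (same size and date at the parent path) and the function names are assumptions, and equal size and date do not prove identical content; a hash comparison on the live system would.

```python
import re
from ntpath import basename, dirname, join, normcase  # Windows path rules on any OS

# Excerpt of the "Duplicate files of bak directory contents" section from the
# FindAWF log dated 11/05/2007 posted in this thread (not the full log).
REPORT = r'''
90112 May 11 2000 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 20 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak\RetroExpress.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe"
163840 Dec 7 2005 "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
159744 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
221184 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
'''

# One report line: <size in bytes> <Mon D YYYY> "<full path>"
ENTRY = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse_entries(report):
    """Return (size, date, path) tuples for every well-formed report line."""
    entries = []
    for line in report.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            size, date, path = match.groups()
            # Collapse runs of whitespace so "Feb  6 2006" equals "Feb 6 2006".
            entries.append((int(size), " ".join(date.split()), path))
    return entries


def pending_restores(report):
    """List bak copies with no same-size, same-date file in the parent folder.

    Assumption of this example: a restored file appears in the report at
    <parent of bak>\\<name> with the size and date of the bak copy.
    """
    entries = parse_entries(report)
    # Windows paths are case-insensitive, so compare normalised forms.
    seen = {(normcase(path), size, date) for size, date, path in entries}
    pending = []
    for size, date, path in entries:
        folder = dirname(path)
        if normcase(basename(folder)) != "bak":
            continue  # not a backup copy
        target = join(dirname(folder), basename(path))
        if (normcase(target), size, date) not in seen:
            pending.append(path)
    return pending


if __name__ == "__main__":
    for path in pending_restores(REPORT):
        print("no matching copy in parent folder:", path)
```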

#7 myrtle

myrtle
  • Topic Starter


Posted 09 November 2007 - 08:58 PM

Per your instructions, I reran AWF, option 2, the following is the logfile.

************************************
Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Fri 11/09/2007
The current time is: 20:46:56.14


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 01:00 AM 90,112 UpdReg.EXE
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\DELLAI~1\BAK

05/12/2003 03:02 PM 270,336 dlbkbmgr.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 09:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

08/02/2004 07:36 PM 124,232 VPTray.exe
1 File(s) 124,232 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 02:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 05:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

01/02/2006 05:41 PM 45,056 cli.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

06/09/2004 08:31 PM 66,680 ccApp.exe
1 File(s) 66,680 bytes

Directory of C:\PROGRA~1\CREATIVE\VOICEC~1\BAK

02/16/2006 09:20 AM 1,118,208 AndreaVC.exe
1 File(s) 1,118,208 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

07/12/2005 07:05 PM 1,117,184 MSKDetct.exe
1 File(s) 1,117,184 bytes

Directory of C:\PROGRA~1\RETROS~1\RETROS~1.1\BAK

02/06/2006 08:22 AM 18,583,552 RetroExpress.exe
1 File(s) 18,583,552 bytes

Directory of C:\PROGRA~1\ROXIO\DRAG-T~1\BAK

07/31/2006 08:00 AM 1,116,920 DrgToDsc.exe
1 File(s) 1,116,920 bytes

Directory of C:\PROGRA~1\ROXIO\MEDIAE~1\BAK

08/14/2006 12:07 AM 102,400 DMXLauncher.exe
1 File(s) 102,400 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

03/11/2007 04:58 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDIGY\SURROU~1\BAK

10/31/2005 10:51 AM 57,344 CTSysVol.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MAXTOR\ONETOUCH\UTILS\BAK

03/27/2006 03:04 PM 712,704 Onetouch.exe
1 File(s) 712,704 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

08/10/2006 11:10 AM 221,184 RoxWatchTray9.exe
1 File(s) 221,184 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 May 11 2000 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\DSAgnt.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 20 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 29 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\bak\AndreaVC.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\RetroExpress.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak\RetroExpress.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\bak\DMXLauncher.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\Onetouch.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe"
2008250 Dec 5 2004 "L:\Backup Moms laptop 10-22-05\download\OneTouch.exe"
2013344 Oct 14 2006 "L:\Laptop backup 4-25-07\My Documents\download\OneTouch.exe"
163840 Dec 7 2005 "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
159744 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
221184 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"


end of report

Thanks!!!

Myrtle

#8 SifuMike

SifuMike

    malware expert



Posted 09 November 2007 - 10:26 PM

Hi myrtle,

One more file to backup.

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following file to be restored:


"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply

Edited by SifuMike, 09 November 2007 - 10:26 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
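In the log posted just before this reply, every file in a bak folder has a same-size copy in its parent folder except RoxWatchTray9.exe, which is the file this post asks to restore. The following is an added Python example of that check, not part of the thread and not FindAWF's own code; the status names are hypothetical, and treating "same name and size in the parent folder" as "restored" is an assumption (a size match is weaker evidence than a hash comparison).

```python
import re
from pathlib import PureWindowsPath

# Subset of the "Duplicate files of bak directory contents" section from the
# FindAWF log in the preceding post, copied unchanged.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 May 11 2000 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\Onetouch.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe"
2008250 Dec 5 2004 "L:\Backup Moms laptop 10-22-05\download\OneTouch.exe"
163840 Dec 7 2005 "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
159744 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
221184 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"


end of report
'''

# One entry per line: <size in bytes> <Mon> <day> <year> "<full path>"
ENTRY_RE = re.compile(r'^(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+"(.+)"$')


def parse_duplicates(report):
    """Return [(size, PureWindowsPath)] for each entry in the duplicates section."""
    entries = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.lower().startswith("duplicate files of bak"):
            in_section = True
            continue
        if line.lower() == "end of report":
            break
        if not in_section:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((int(match.group(1)), PureWindowsPath(match.group(2))))
    return entries


def is_bak_copy(path):
    """True when the file sits directly inside a folder named 'bak'."""
    return path.parent.name.lower() == "bak"


def classify(entries):
    """Compare every bak copy with the file of the same name one folder up.

    Hypothetical status names:
      restored       - parent folder holds a file of the same name and size
      size-mismatch  - parent folder holds the name, but with another size
      parent-missing - the report lists no file of that name in the parent folder
    PureWindowsPath compares case-insensitively, as Windows paths do.
    """
    sizes_by_path = {}
    for size, path in entries:
        if not is_bak_copy(path):
            sizes_by_path.setdefault(path, set()).add(size)

    results = []
    for size, path in entries:
        if not is_bak_copy(path):
            continue
        target = path.parent.parent / path.name
        seen = sizes_by_path.get(target)
        if seen is None:
            status = "parent-missing"
        elif size in seen:
            status = "restored"
        else:
            status = "size-mismatch"
        results.append((path, status))
    return results


if __name__ == "__main__":
    for bak_path, status in classify(parse_duplicates(SAMPLE_REPORT)):
        print(f"{status:15} {bak_path}")
```

Copies of the same file name elsewhere on disk (the `$hf_mig$` and `L:` entries) are ignored, because only the folder directly above each bak folder is compared.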

#9 myrtle


Posted 10 November 2007 - 09:50 AM

I appreciate your constant attention to this matter. I reran awf; log follows:

***********************
Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Sat 11/10/2007
The current time is: 9:38:33.01


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 01:00 AM 90,112 UpdReg.EXE
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\DELLAI~1\BAK

05/12/2003 03:02 PM 270,336 dlbkbmgr.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 09:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

08/02/2004 07:36 PM 124,232 VPTray.exe
1 File(s) 124,232 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 02:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 05:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

01/02/2006 05:41 PM 45,056 cli.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

06/09/2004 08:31 PM 66,680 ccApp.exe
1 File(s) 66,680 bytes

Directory of C:\PROGRA~1\CREATIVE\VOICEC~1\BAK

02/16/2006 09:20 AM 1,118,208 AndreaVC.exe
1 File(s) 1,118,208 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

07/12/2005 07:05 PM 1,117,184 MSKDetct.exe
1 File(s) 1,117,184 bytes

Directory of C:\PROGRA~1\RETROS~1\RETROS~1.1\BAK

02/06/2006 08:22 AM 18,583,552 RetroExpress.exe
1 File(s) 18,583,552 bytes

Directory of C:\PROGRA~1\ROXIO\DRAG-T~1\BAK

07/31/2006 08:00 AM 1,116,920 DrgToDsc.exe
1 File(s) 1,116,920 bytes

Directory of C:\PROGRA~1\ROXIO\MEDIAE~1\BAK

08/14/2006 12:07 AM 102,400 DMXLauncher.exe
1 File(s) 102,400 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

03/11/2007 04:58 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDIGY\SURROU~1\BAK

10/31/2005 10:51 AM 57,344 CTSysVol.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MAXTOR\ONETOUCH\UTILS\BAK

03/27/2006 03:04 PM 712,704 Onetouch.exe
1 File(s) 712,704 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

08/10/2006 11:10 AM 221,184 RoxWatchTray9.exe
1 File(s) 221,184 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 May 11 2000 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\DSAgnt.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 20 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 29 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\bak\AndreaVC.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\RetroExpress.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak\RetroExpress.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\bak\DMXLauncher.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\Onetouch.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe"
163840 Dec 7 2005 "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
159744 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
221184 Aug 10 2006 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"


end of report

Thanks,

Myrtle

#10 SifuMike


Posted 10 November 2007 - 01:35 PM

Hi myrtle,

Looks like that did not work. :thumbsup:
We'll move the clean file back to the place it belongs manually.

Go to My Computer and browse to the following folder:
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak
Inside the BAK folder is a file named RoxWatchTray9.exe
Right click it with your mouse and choose Cut
Then go back to the main folder, C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM
Click the background with your mouse, choose Paste
Now you should have the RoxWatchTray9.exe file in the
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM folder.


Now run FindAWF with Option 1
Please provide the new FindAWF log in your reply

Edited by SifuMike, 10 November 2007 - 04:52 PM.


#11 myrtle


Posted 10 November 2007 - 02:05 PM

Ok, followed instructions; appears to have worked; reran awf option 1:

******************************************

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Sat 11/10/2007
The current time is: 14:02:01.90


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 01:00 AM 90,112 UpdReg.EXE
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\DELLAI~1\BAK

05/12/2003 03:02 PM 270,336 dlbkbmgr.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 09:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

08/02/2004 07:36 PM 124,232 VPTray.exe
1 File(s) 124,232 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 02:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 05:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

01/02/2006 05:41 PM 45,056 cli.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

06/09/2004 08:31 PM 66,680 ccApp.exe
1 File(s) 66,680 bytes

Directory of C:\PROGRA~1\CREATIVE\VOICEC~1\BAK

02/16/2006 09:20 AM 1,118,208 AndreaVC.exe
1 File(s) 1,118,208 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

07/12/2005 07:05 PM 1,117,184 MSKDetct.exe
1 File(s) 1,117,184 bytes

Directory of C:\PROGRA~1\RETROS~1\RETROS~1.1\BAK

02/06/2006 08:22 AM 18,583,552 RetroExpress.exe
1 File(s) 18,583,552 bytes

Directory of C:\PROGRA~1\ROXIO\DRAG-T~1\BAK

07/31/2006 08:00 AM 1,116,920 DrgToDsc.exe
1 File(s) 1,116,920 bytes

Directory of C:\PROGRA~1\ROXIO\MEDIAE~1\BAK

08/14/2006 12:07 AM 102,400 DMXLauncher.exe
1 File(s) 102,400 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

03/11/2007 04:58 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\CREATIVE\SBAUDIGY\SURROU~1\BAK

10/31/2005 10:51 AM 57,344 CTSysVol.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MAXTOR\ONETOUCH\UTILS\BAK

03/27/2006 03:04 PM 712,704 Onetouch.exe
1 File(s) 712,704 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 May 11 2000 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
270336 May 12 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\DSAgnt.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 20 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 29 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
124232 Aug 2 2004 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
45056 Jan 2 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
66680 Jun 9 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe"
1118208 Feb 16 2006 "C:\Program Files\Creative\VoiceCenter\bak\AndreaVC.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1117184 Jul 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\RetroExpress.exe"
18583552 Feb 6 2006 "C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak\RetroExpress.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
1116920 Jul 31 2006 "C:\Program Files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
102400 Aug 14 2006 "C:\Program Files\Roxio\Media Experience\bak\DMXLauncher.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Mar 11 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe"
57344 Oct 31 2005 "C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\Onetouch.exe"
712704 Mar 27 2006 "C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe"
2008250 Dec 5 2004 "L:\Backup Moms laptop 10-22-05\download\OneTouch.exe"
2013344 Oct 14 2006 "L:\Laptop backup 4-25-07\My Documents\download\OneTouch.exe"


end of report

Thanks,

Myrtle

#12 SifuMike


Posted 10 November 2007 - 02:36 PM

Hi Myrtle,

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer <==== Important


***********************

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\WINDOWS\bak
C:\Program Files\Dell AIO Printer A920\bak
C:\Program Files\Dell Support\bak
C:\Program Files\iTunes\bak
C:\Program Files\Messenger\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Symantec AntiVirus\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI.ACE\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Creative\VoiceCenter\bak
C:\Program Files\McAfee\SpamKiller\bak
C:\Program Files\Retrospect\Retrospect Express HD 1.1\bak
C:\Program Files\Roxio\Drag-to-Disc\bak
C:\Program Files\Roxio\Media Experience\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Creative\SBAudigy\Surround Mixer\bak
C:\Program Files\Maxtor\OneTouch\Utils\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply

Edited by SifuMike, 10 November 2007 - 02:36 PM.


#13 myrtle


Posted 10 November 2007 - 05:17 PM

Ok, I downloaded and ran the cleaner; then rebooted; then awf option 3, log follows:

***********************************

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Sat 11/10/2007
The current time is: 17:15:09.78


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

Thanks for your continuing support.

Myrtle

#14 SifuMike


Posted 10 November 2007 - 05:24 PM

Hi Myrtle,

Everything looks good. :thumbsup:

Now run Option 4.

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones


When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

******************

Let's run ComboFix.

If you have used ComboFix before, please delete the version you have and download it again, because ComboFix is being updated every day.

Disconnect from the Internet while running ComboFix.

Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



1. Download this file - combofix.exe to your Desktop.
Note:
It is important that it is saved directly to your desktop

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

If you have Norton Antivirus installed then disable script blocking so it will not interfere with the fix.

To disable Norton Script blocking Service:

* Disable the Script Blocking Service:
To open Services, click Start, point to Settings, and then click Control Panel.
Double-click Administrative Tools, and then double-click Services.
Find ScriptBlocking services, right-click the service, and then click Properties.
On the General tab, under Startup, click Disabled.
Under Service Status, click Stop button. Click Apply button.

* Disable the Script Blocking In Norton Settings:
Start Norton Antivirus.
Click Options. If a menu appears when you click Options, then click Norton Antivirus. The Norton Antivirus Options dialog box appears.
Click Script Blocking.
Uncheck Enable Script Blocking (recommended).
Click OK
You can reenable it afterwards when everything is clean again.

Edited by SifuMike, 10 November 2007 - 05:27 PM.


#15 myrtle


Posted 10 November 2007 - 10:12 PM

Ok, downloaded ComboFix, disconnected from internet, disabled Symantec antivirus and ran combo fix and then hijack this -- logs follow:

*****************************************
ComboFix 07-11-08.1 - Joseph Maertzig 2007-11-10 22:04:06.1 - NTFSx86
Running from: C:\Documents and Settings\Joseph Maertzig\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

L:\Autorun.inf
M:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.

2007-11-10 22:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-05 09:04 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2007-10-21 10:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-20 12:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 08:30 92,706,160 --a------ C:\SYM_REGISTRY_BACKUP.reg
2007-10-20 08:07 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-20 08:05 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 03:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-11 03:02 --------- d-----w C:\Documents and Settings\Joseph Maertzig\Application Data\Corel
2007-11-10 22:15 --------- d-----w C:\Program Files\QuickTime
2007-11-10 22:15 --------- d-----w C:\Program Files\iTunes
2007-11-10 22:15 --------- d-----w C:\Program Files\Dell Support
2007-11-10 22:15 --------- d-----w C:\Program Files\Dell AIO Printer A920
2007-11-10 22:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-05 02:10 --------- d-----w C:\Program Files\Common Files\Corel
2007-11-05 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2007-10-21 14:08 --------- d-----w C:\Program Files\Yahoo!
2007-10-21 14:08 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-10-21 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-10-21 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-20 17:52 --------- d-----w C:\Program Files\Lavasoft
2007-10-20 17:52 --------- d-----w C:\Documents and Settings\Joseph Maertzig\Application Data\Lavasoft
2007-10-20 13:24 --------- d-----w C:\Program Files\InterActual
2007-10-02 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2007-09-29 18:16 --------- d-----w C:\Program Files\Apple Software Update
2007-09-29 18:07 --------- d-----w C:\Program Files\iPod
2007-09-16 18:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-16 17:44 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-09-15 19:30 --------- d-----w C:\Documents and Settings\Joseph Maertzig\Application Data\Roxio
2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-01-01 15:48 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 03:00 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-28 23:12 C:\WINDOWS\system32\CTMBHA.DLL]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-08-02 19:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 12:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 04:40 C:\WINDOWS\MIDIDEF.EXE]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

C:\Documents and Settings\Joseph Maertzig\Start Menu\Programs\Startup\
Screen Shot Deluxe 4.0.lnk - C:\Program Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe [2006-12-31 14:26:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-12-31 14:02:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R3 Angel2;Angel II MPEG Device;C:\WINDOWS\system32\DRIVERS\Angel2.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4106f772-9acd-11db-ad2d-00137239a8d1}]
\Shell\AutoRun\command - M:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 18:03:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 22:05:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 22:05:31
.
--- E O F ---
*******************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:08 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061116
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Screen Shot Deluxe 4.0.lnk = C:\Program Files\Broderbund\Screen Shot Deluxe 4.0\Sshot4.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - https://reporting.drexel.edu/Hyperion/zeroa....Insight.en.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - https://banner.drexel.edu/forms90/jinitiator/jinit.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8946 bytes

Ciao,

Myrtle



