Help, please
I am very new, looking for help
I have a dinousur modem dial-up connection on my comp (WindowsXP)
Somehow got AxFreePorn dialer that keeps disconnecting me.
AVG didn't help. Spybot Search & Destroy heals, but it is still disconnects me after 15 or 20 min. I have to restart my comp all the time
Any suggestions? Please!!
verynewuser 0 Newbie Poster
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Download HijackThis from here. Download it to your desktop and NOT a temporary folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
verynewuser 0 Newbie Poster
Thank you for your reply
Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 9:52:37 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\DOCUME~1\VALENT~1\LOCALS~1\Temp\abc123wZnR.dll",SetVM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF0DCE9-00A9-4B4F-A686-BDC45633E07A}: NameServer = 216.21.128.22 216.21.129.22
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Thank you for your reply
No worries, but I need you to get hijackthis from the link I provided. You are using an outdated version.
verynewuser 0 Newbie Poster
Thank you
here is my updated log
Let me know if you can find what is wrong
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:18 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\DOCUME~1\VALENT~1\LOCALS~1\Temp\abc123wZnR.dll",SetVM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2276652658-2038455674-3860006178-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Valentina')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBF0DCE9-00A9-4B4F-A686-BDC45633E07A}: NameServer = 216.21.128.22 216.21.129.22
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 5135 bytes
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Can you please do the following.
===============
Scan with HijackThis and then place a check next to all the following, if present:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\DOCUME~1\VALENT~1\LOCALS~1\Temp\abc123wZnR.dll",SetVM
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
files...
C:\DOCUME~1\VALENT~1\LOCALS~1\Temp\abc123wZnR.dll
Search for...
ALCMTR.EXE
...using "Start | Search...".
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.
-
Reboot.
===============
Please download and install AVG antispyware tool
- Close all other Applications Select language click Ok
- Click I Agree
- Click next
- Click Install
- Click Finish
- Wait and AVG antispyware will open to the main screen automatically.
- Wait again a few minutes and AVG antispyware Should Auto update itself. If it doesn't click update at top of screen.
- It is very important that you get updated
- When updating has finished. Close AVG antispyware.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
- Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear use arrow up to highlight
- Select the first option, to run Windows in Safe Mode hit enter.
- For additional help in booting into Safe Mode, see the following site: HERE
You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!
- Run AVG antispyware.
- Click on scanner at top of AVG antispyware screen.
- Click on Settings.
- Under How to Act click on Recommended Action and choose Quarantine.
- Under How to scan all boxes should be selected.
- Under Possibly unwanted software all boxes should be selected.
- On right side under Reports: click on Do not automatically generate report after every scan.
- Under What to scan select scan every file.
- Click On scan Tab.
- Click on Complete system scan.
- Let the program scan the machine It can take awhile give it time.
- When scan has finished at bottom of screen click Apply all Actions.
- Click Save report
- Click Save Report as (Save as window's screen should pop up.)
- Click desktop.
- Click Save.
- Exit AVG antispyware.
Reboot back to normal mode.
Post the log here.
verynewuser 0 Newbie Poster
Thank you for your very detailed action steps.
This is my HJT log after all fixes and my report from scanning
let me know if you can see anything else
so far is good, I haven't notice disconnection from my server
and i had an error that was popping out every time i turned my computer on (which I didn't pointed out in my problem that I posted inthis forum) now it's gone
wow!!Thank you. thank you. Let me know.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:00 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 4975 bytes
Report from scanning:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:54:20 PM 8/19/2007
+ Scan result:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\P0GBH9S5\B2375692[1].htm -> Downloader.Agent.ao : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027531.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027623.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027782.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027783.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027784.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027785.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027786.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027787.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027788.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027789.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027790.EXE -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027791.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027792.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027793.exe -> Downloader.Agent.awf : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP215\A0027794.exe -> Downloader.Agent.awf : Cleaned.
C:\WINDOWS\SMINST\RECGUARD.EXE1158632919 -> Downloader.Agent.awf : Cleaned.
C:\WINDOWS\SMINST\RECGUARD.EXE1160618439 -> Downloader.Agent.awf : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\01ERGLQN\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8TK9Y3GH\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C1OJK3K7\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\D1W2OBH7\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GTYFODAZ\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ITFWLKFM\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PNNFT50E\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q18F6X25\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7IXOTQF\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7IXOTQF\checkin[3].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7IXOTQF\checkin[4].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7IXOTQF\checkin[5].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UFMZEDUF\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHX6F6XO\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHX6F6XO\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\CXYB0TQB\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\CXYB0TQB\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\K9QF0DU3\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\K9QF0DU3\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\K9QF0DU3\checkin[3].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\K9QF0DU3\checkin[4].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\KLUJQZKT\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\KLUJQZKT\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\KPG1EVCX\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\KPG1EVCX\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\KT2NWP2B\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\OTI3W5AN\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\S9YVCPIN\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\S9YVCPIN\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\S9YVCPIN\checkin[3].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\SHGV4V8Z\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\SHGV4V8Z\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\SLYBC163\checkin[1].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\SLYBC163\checkin[2].htm -> Downloader.Small.co : Cleaned.
C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\SLYBC163\checkin[3].htm -> Downloader.Small.co : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP185\A0025340.exe -> Dropper.Small : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\45GV4BGB\ian_car[1].js -> Not-A-Virus.Exploit.JS.CVE20061359.b : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\45GV4BGB\ian_car[2].js -> Not-A-Virus.Exploit.JS.CVE20061359.b : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\45GV4BGB\ian_car[3].js -> Not-A-Virus.Exploit.JS.CVE20061359.b : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc2.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc91.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc23.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc24.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc129.txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc30.txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc38.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc42.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc60.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc96.txt -> TrackingCookie.Live : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc92.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc25.txt -> TrackingCookie.Msn : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc153.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc17.txt -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc89.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc109.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc114.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc70.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc11.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2276652658-2038455674-3860006178-500\Dc12.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
From the results of your AVG scan, I need to check something else.
Please download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.
When done, a text file, Find AWF report is produced.
Please provide Find AWF report in your reply.
verynewuser 0 Newbie Poster
Here is my AWF report after scanning
Thank you. Let me know if I 've got more problems
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Sat 08/25/2007
The current time is: 19:41:28.51
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\DIGITA~1\BAK
10/18/2004 03:05 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
02/23/2006 03:45 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
06/29/2006 08:32 AM 155,648 qttask.exe
1 File(s) 155,648 bytes
Directory of C:\WINDOWS\SMINST\BAK
09/13/2002 01:42 PM 212,992 RECGUARD.EXE
1 File(s) 212,992 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 05:00 AM 15,360 ctfmon.exe
08/20/2004 04:51 PM 118,784 hkcmd.exe
08/20/2004 04:55 PM 155,648 igfxtray.exe
07/09/2001 12:50 PM 155,648 NeroCheck.exe
4 File(s) 445,440 bytes
Directory of C:\PROGRA~1\CREATIVE\SHARED~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
10/31/2003 08:42 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes
Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK
08/02/2006 08:51 PM 358,447 avgcc.exe
1 File(s) 358,447 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK
02/18/2004 10:55 AM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\HP\HPCORE~1\BAK
12/22/2003 09:38 AM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes
Directory of C:\PROGRA~1\REAL\REALPL~1\BAK
11/09/2004 10:02 AM 26,112 RealPlay.exe
1 File(s) 26,112 bytes
Directory of C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK
06/07/2003 04:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK
03/04/2005 04:36 AM 36,975 jusched.exe
1 File(s) 36,975 bytes
Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK
03/04/2004 08:46 AM 172,032 hpztsb10.exe
1 File(s) 172,032 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Feb 23 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 4 2007 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
506332 Aug 2 2006 "C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\OX4NK30J\iTunesSetup[1].exe"
9304183 Mar 4 2007 "C:\Documents and Settings\Valentina\Local Settings\Temporary Internet Files\Content.IE5\SHGV4V8Z\iTunesSetup[1].exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
155648 Jun 29 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
212992 Sep 13 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
32768 Oct 31 2003 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
416256 Aug 14 2007 "C:\Program Files\Grisoft\AVG7\avgcc.exe"
358447 Aug 2 2006 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe"
49152 Feb 18 2004 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
241664 Dec 22 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
26112 Nov 9 2004 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\bak\jusched.exe"
172032 Mar 4 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"
end of report
Edited by mike_2000_17 because: Fixed formatting
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:
C:\Program Files\Digital Media Reader\bak\shwiconem.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\SMINST\bak\RECGUARD.EXE
C:\WINDOWS\system32\bak\ctfmon.exe
C:\WINDOWS\system32\bak\hkcmd.exe
C:\WINDOWS\system32\bak\igfxtray.exe
C:\WINDOWS\system32\bak\NeroCheck.exe
C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe
C:\Program Files\Grisoft\AVG7\bak\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe
C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe
C:\Program Files\Java\jre1.5.0_02\bin\bak\jusched.exe
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"
Next, close and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.