 |  |  |  |  |  |  |  |
blank pop-ups
 |
•
•
Join Date: May 2005
Posts: 3,204
Reputation: 
Solved Threads: 188
DeOnna, for some reason [not your fault, it's the trojan...] that operation did not fully work, so please repeat option2 with the same block of entries [repeated below]
[We are trying to copy the original files back into their proper locations, overwriting the affected files.]
So:
-option 2, FindAWF: dclick the .exe to start the program, select to restore files, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
[We are trying to copy the original files back into their proper locations, overwriting the affected files.]
So:
-option 2, FindAWF: dclick the .exe to start the program, select to restore files, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Here you go.....
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 8:43:31.29
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 8:43:31.29
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
DeOnna, try option 2 again with just these two:
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 9:37:44.73
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 9:37:44.73
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Nope, it is failing on those two again. So we'll try it the brute force way.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixawf.bat, as type "all files", to your desktop; dclick it to run.
__________________________________________________________
if exist "C:\WINDOWS\ehome\ehtray.exe" del /q "C:\WINDOWS\ehome\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\ehome"
if exist "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe" del /q "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\$NtUninstallKB908246$"
del /q "C:\WINDOWS\ehome\bak\ehtray.exe"
if exist "C:\Program Files\Picasa2\PicasaMediaDetector.exe" del /q "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
copy "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe" "C:\Program Files\Picasa2"
del /q "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
__________________________________________________________
Finally run option 1 again so that I may check the replacements.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixawf.bat, as type "all files", to your desktop; dclick it to run.
__________________________________________________________
if exist "C:\WINDOWS\ehome\ehtray.exe" del /q "C:\WINDOWS\ehome\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\ehome"
if exist "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe" del /q "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\$NtUninstallKB908246$"
del /q "C:\WINDOWS\ehome\bak\ehtray.exe"
if exist "C:\Program Files\Picasa2\PicasaMediaDetector.exe" del /q "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
copy "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe" "C:\Program Files\Picasa2"
del /q "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
__________________________________________________________
Finally run option 1 again so that I may check the replacements.
Last edited by gerbil; Oct 26th, 2007 at 11:16 am.
Deep, deep in the woods, but walking about.
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Grinning here... that't the final edit. Run it.
And it's bedtime for me now.
And it's bedtime for me now.
Last edited by gerbil; Oct 26th, 2007 at 11:24 am.
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Ok, when I do that and double click on it, it opens for just a second and then closes again.....am I doing something wrong? Thanks again!
DeOnna
DeOnna
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Here is what I got after doing that, and running option one again.
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 10/26/2007
The current time is: 10:40:34.32
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 10/26/2007
The current time is: 10:40:34.32
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Sorry, DeOnna, I should have mentioned that, yes, all you would see is a brief flick of a black window. It did its job [if you did, trying it more than once would not have hurt].
So now all the good files are copied back into their original directories, replacing the infected copies. This next step deletes the copy folders:
-option 3, FindAWF: start the program again, select to remove bak folders, into the text file that opens paste all the text between the lines:
_____________________________________________________________
C:\Program Files\HP DigitalMedia Archive\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Then, if and only if these two sections of the report are empty...:
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
...go ahead and run option 4 next -this will reset your restricted and trusted sites in IE, tools, internet options, security. If you have added trusted sites you will have to re-enter them afterward [for an extra level of security I keep the https box checked here]. That is up to your judgement.
If you use SpywareBlaster, IE-SpyAd, Spybot etc you will need to re-enable their restrictions afterwards.
Say how things are and post a fresh hijackthis log.
Cheers.
So now all the good files are copied back into their original directories, replacing the infected copies. This next step deletes the copy folders:
-option 3, FindAWF: start the program again, select to remove bak folders, into the text file that opens paste all the text between the lines:
_____________________________________________________________
C:\Program Files\HP DigitalMedia Archive\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Then, if and only if these two sections of the report are empty...:
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
...go ahead and run option 4 next -this will reset your restricted and trusted sites in IE, tools, internet options, security. If you have added trusted sites you will have to re-enter them afterward [for an extra level of security I keep the https box checked here]. That is up to your judgement.
If you use SpywareBlaster, IE-SpyAd, Spybot etc you will need to re-enable their restrictions afterwards.
Say how things are and post a fresh hijackthis log.
Cheers.
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Fri 10/26/2007
The current time is: 21:48:04.53
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
As you can see, no files found. I am going to run the last option now, and post a hijackthis log either tonight or tomorrow morning if I have time before family from out of town gets here. If not, I will post it tomorrow night. Thanks!
Version 1.40
Option 3 run successfully
The current date is: Fri 10/26/2007
The current time is: 21:48:04.53
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
As you can see, no files found. I am going to run the last option now, and post a hijackthis log either tonight or tomorrow morning if I have time before family from out of town gets here. If not, I will post it tomorrow night. Thanks!
|
Similar Threads
- Help Porn Pop-Ups, Error #317 and a red circle icon with white X in Tray (Viruses, Spyware and other Nasties)
- Slow start up;Random quick 1 Sec Installers and then random Pop Ups (Viruses, Spyware and other Nasties)
- spyware, pop-ups and more; amaena?? (Viruses, Spyware and other Nasties)
- ULWindowUrl Pop Ups!!!! (and ULWindowSeek) (Viruses, Spyware and other Nasties)
- IE freezes, also have flash pop-ups. (Viruses, Spyware and other Nasties)
- HJT Log: Pop-ups&Mouse freezes (Viruses, Spyware and other Nasties)
- A better internet.com pop ups (Viruses, Spyware and other Nasties)
- Help! - Hijack log but i need to know what to delete (Viruses, Spyware and other Nasties)
- wow 37 pop ups (Web Browsers)
- Hijack this log - can't get rid of pop ups (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Help please
- Next Thread: rundll.exe Bad Image please help
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
