 |  |  |  |  |  |  |  |
blank pop-ups
 |
•
•
Join Date: May 2005
Posts: 3,204
Reputation: 
Solved Threads: 188
DeOnna, for some reason [not your fault, it's the trojan...] that operation did not fully work, so please repeat option2 with the same block of entries [repeated below]
[We are trying to copy the original files back into their proper locations, overwriting the affected files.]
So:
-option 2, FindAWF: dclick the .exe to start the program, select to restore files, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
[We are trying to copy the original files back into their proper locations, overwriting the affected files.]
So:
-option 2, FindAWF: dclick the .exe to start the program, select to restore files, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Here you go.....
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 8:43:31.29
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 8:43:31.29
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
DeOnna, try option 2 again with just these two:
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 9:37:44.73
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 9:37:44.73
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Nope, it is failing on those two again. So we'll try it the brute force way.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixawf.bat, as type "all files", to your desktop; dclick it to run.
__________________________________________________________
if exist "C:\WINDOWS\ehome\ehtray.exe" del /q "C:\WINDOWS\ehome\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\ehome"
if exist "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe" del /q "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\$NtUninstallKB908246$"
del /q "C:\WINDOWS\ehome\bak\ehtray.exe"
if exist "C:\Program Files\Picasa2\PicasaMediaDetector.exe" del /q "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
copy "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe" "C:\Program Files\Picasa2"
del /q "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
__________________________________________________________
Finally run option 1 again so that I may check the replacements.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixawf.bat, as type "all files", to your desktop; dclick it to run.
__________________________________________________________
if exist "C:\WINDOWS\ehome\ehtray.exe" del /q "C:\WINDOWS\ehome\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\ehome"
if exist "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe" del /q "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\$NtUninstallKB908246$"
del /q "C:\WINDOWS\ehome\bak\ehtray.exe"
if exist "C:\Program Files\Picasa2\PicasaMediaDetector.exe" del /q "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
copy "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe" "C:\Program Files\Picasa2"
del /q "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
__________________________________________________________
Finally run option 1 again so that I may check the replacements.
Last edited by gerbil; Oct 26th, 2007 at 11:16 am.
Deep, deep in the woods, but walking about.
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Grinning here... that't the final edit. Run it.
And it's bedtime for me now.
And it's bedtime for me now.
Last edited by gerbil; Oct 26th, 2007 at 11:24 am.
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Ok, when I do that and double click on it, it opens for just a second and then closes again.....am I doing something wrong? Thanks again!
DeOnna
DeOnna
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Here is what I got after doing that, and running option one again.
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 10/26/2007
The current time is: 10:40:34.32
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 10/26/2007
The current time is: 10:40:34.32
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Sorry, DeOnna, I should have mentioned that, yes, all you would see is a brief flick of a black window. It did its job [if you did, trying it more than once would not have hurt].
So now all the good files are copied back into their original directories, replacing the infected copies. This next step deletes the copy folders:
-option 3, FindAWF: start the program again, select to remove bak folders, into the text file that opens paste all the text between the lines:
_____________________________________________________________
C:\Program Files\HP DigitalMedia Archive\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Then, if and only if these two sections of the report are empty...:
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
...go ahead and run option 4 next -this will reset your restricted and trusted sites in IE, tools, internet options, security. If you have added trusted sites you will have to re-enter them afterward [for an extra level of security I keep the https box checked here]. That is up to your judgement.
If you use SpywareBlaster, IE-SpyAd, Spybot etc you will need to re-enable their restrictions afterwards.
Say how things are and post a fresh hijackthis log.
Cheers.
So now all the good files are copied back into their original directories, replacing the infected copies. This next step deletes the copy folders:
-option 3, FindAWF: start the program again, select to remove bak folders, into the text file that opens paste all the text between the lines:
_____________________________________________________________
C:\Program Files\HP DigitalMedia Archive\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Then, if and only if these two sections of the report are empty...:
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
...go ahead and run option 4 next -this will reset your restricted and trusted sites in IE, tools, internet options, security. If you have added trusted sites you will have to re-enter them afterward [for an extra level of security I keep the https box checked here]. That is up to your judgement.
If you use SpywareBlaster, IE-SpyAd, Spybot etc you will need to re-enable their restrictions afterwards.
Say how things are and post a fresh hijackthis log.
Cheers.
Deep, deep in the woods, but walking about.
•
•
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Posting Whiz in Training
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Fri 10/26/2007
The current time is: 21:48:04.53
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
As you can see, no files found. I am going to run the last option now, and post a hijackthis log either tonight or tomorrow morning if I have time before family from out of town gets here. If not, I will post it tomorrow night. Thanks!
Version 1.40
Option 3 run successfully
The current date is: Fri 10/26/2007
The current time is: 21:48:04.53
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
As you can see, no files found. I am going to run the last option now, and post a hijackthis log either tonight or tomorrow morning if I have time before family from out of town gets here. If not, I will post it tomorrow night. Thanks!
|
Similar Threads
- Help Porn Pop-Ups, Error #317 and a red circle icon with white X in Tray (Viruses, Spyware and other Nasties)
- Slow start up;Random quick 1 Sec Installers and then random Pop Ups (Viruses, Spyware and other Nasties)
- spyware, pop-ups and more; amaena?? (Viruses, Spyware and other Nasties)
- ULWindowUrl Pop Ups!!!! (and ULWindowSeek) (Viruses, Spyware and other Nasties)
- IE freezes, also have flash pop-ups. (Viruses, Spyware and other Nasties)
- HJT Log: Pop-ups&Mouse freezes (Viruses, Spyware and other Nasties)
- A better internet.com pop ups (Viruses, Spyware and other Nasties)
- Help! - Hijack log but i need to know what to delete (Viruses, Spyware and other Nasties)
- wow 37 pop ups (Web Browsers)
- Hijack this log - can't get rid of pop ups (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Help please
- Next Thread: rundll.exe Bad Image please help
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg bar blackhat botnet botnets censorship commercial commercials conficker connect crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirecting reliability report research risk samhain sans scareware school search security sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted usa virus viruses vista war warning windows worm yahoo zeroday
