I think I've been Hijacked



Fred999
2008-02-02, 20:10
I think I'm infected with something. IE keeps taking me to websites related to virus removal. Firefox I think is ok, but I'm not 100% sure.

Thanks in advance for any help!


HJT Log below -- Kaspersky to follow in next posting:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:07 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SandboxieServer.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {890696D0-1360-4767-BAF2-82975DA9543F} - C:\WINDOWS\system32\bootvi.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Epson printer Registration.lnk = D:\Titles\Register\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quickplace.stonehill.edu/qp2.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122332121816
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - file://C:\Program Files\Geomedia active x\Acgm.cab
O23 - Service: McAfee Application Installer Cleanup (0003401201875686) (0003401201875686mcinstcleanup) - Unknown owner - C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp\000340~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SandboxU) - tzuk - C:\Program Files\Sandboxie\SandboxieServer.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10098 bytes

Fred999
2008-02-02, 20:11
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 12:35:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545970
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 77635
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:18:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B840000\4F9D7018.VBN Infected: Trojan.Win32.Agent.bxj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF00000\4FFDDE25.VBN Infected: Trojan.Win32.Agent.bxj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF00001\4FFE8DE7.VBN Infected: Trojan.Win32.Agent.bxj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF00002\4FFE9984.VBN Infected: Trojan.Win32.Agent.bxj skipped

Scan process completed.

Blade81
2008-02-06, 21:25
Hi

Please download FindAWF (http://noahdfear.geekstogo.com/FindAWF.exe) and save it to your desktop

* Double-click FindAWF.exe to start the tool.
* Select option #1 - Scan for bak folders by typing 1 and press 'Enter'
* When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here.

**Do not run any other option unless directed to do so.**

Fred999
2008-02-07, 04:36
Thanks SO MUCH for replying! Looking forward to your response.


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Wed 02/06/2008
The current time is: 20:42:28.18


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ERASER\BAK

12/11/2007 12:00 AM 4 default.ers
04/09/2006 04:19 AM 634,880 eraser.exe
12/10/2007 11:59 PM 51 schedlog.txt
3 File(s) 634,935 bytes

Directory of C:\PROGRA~1\PRINTS~1\BAK

04/23/2007 06:06 AM 507,904 PrintScreen.exe
1 File(s) 507,904 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

08/06/2006 08:40 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/03/2004 05:56 PM 15,360 ctfmon.exe
11/17/2003 11:11 PM 118,784 hkcmd.exe
11/17/2003 11:24 PM 155,648 igfxtray.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
4 File(s) 445,440 bytes

Directory of C:\PROGRA~1\APPLE\QUICKT~1\BAK

06/14/2006 03:24 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

04/08/2005 03:52 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\DISKEE~1\DISKEE~2\BAK

11/22/2005 05:38 PM 221,184 DkIcon.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

05/11/2007 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

10/17/2004 03:00 AM 98,304 E_FATI9TA.EXE
01/13/2006 07:36 PM 196,608 hpztsb04.exe
2 File(s) 294,912 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

4 Aug 18 2007 "C:\Program Files\Eraser\default.ers"
4 Dec 11 2007 "C:\Program Files\Eraser\bak\default.ers"
634880 Apr 9 2006 "C:\Program Files\Eraser\bak\eraser.exe"
10208 Aug 16 2007 "C:\Program Files\Eraser\schedlog.txt"
51 Dec 10 2007 "C:\Program Files\Eraser\bak\schedlog.txt"
507904 Apr 23 2007 "C:\Program Files\PrintScreen\bak\PrintScreen.exe"
282624 Aug 6 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Nov 17 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Jan 15 2004 "C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\hkcmd.exe"
118784 Nov 17 2003 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\hkcmd.exe"
155648 Nov 17 2003 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Jan 15 2004 "C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"
155648 Nov 17 2003 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxtray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
278528 Jun 14 2006 "C:\Program Files\Apple\Quicktime - iTunes\bak\iTunesHelper.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48752 Apr 8 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
221184 Nov 22 2005 "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
73728 Dec 30 2004 "C:\WINDOWS\Installer\{E87BE7F8-3077-40C1-8592-956F649A2781}\DkIcon.exe"
221184 Nov 22 2005 "C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\TaxDeductionPro 2006\JRE\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
98304 Oct 17 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonpicturemate_deld046\E_FATI9TA.EXE"
98304 Oct 17 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9TA.EXE"
196608 Jan 13 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb04.exe"


end of report

Blade81
2008-02-07, 18:39
Double-click FindAWF.exe to start the tool.

Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'
A text file will open up. Please copy/paste the following bolded text into the text file:
"C:\Program Files\ERASER\BAK\default.ers"
"C:\Program Files\ERASER\BAK\eraser.exe"
"C:\Program Files\ERASER\BAK\schedlog.txt"
"C:\Program Files\PrintScreen\BAK\PrintScreen.exe"
"C:\Program Files\QuickTime\BAK\qttask.exe"
"C:\WINDOWS\SYSTEM32\BAK\ctfmon.exe"
"C:\WINDOWS\SYSTEM32\BAK\hkcmd.exe"
"C:\WINDOWS\SYSTEM32\BAK\igfxtray.exe"
"C:\WINDOWS\SYSTEM32\BAK\NeroCheck.exe"
"C:\Program Files\APPLE\Quicktime - iTunes\BAK\iTunesHelper.exe"
"C:\Program Files\Common Files\Symantec Shared\BAK\ccApp.exe"
"C:\Program Files\Diskeeper Corporation\Diskeeper\BAK\DkIcon.exe"
"C:\Program Files\ADOBE\Reader 8.0\READER\BAK\Reader_sl.exe"
"C:\Program Files\JAVA\jre1.6.0_02\BIN\BAK\jusched.exe"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK\E_FATI9TA.EXE"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK \hpztsb04.exe"

Close the .txt file and click 'Yes' to save the changes.
When the tool has completed, a report will open up in notepad.
Please post the results of the awf.txt here.

Fred999
2008-02-07, 23:08
OK. Here it is. Again, I appreciate the help. Anxiously awaiting next step.




Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Thu 02/07/2008
The current time is: 16:06:20.66


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ERASER\BAK

12/11/2007 12:00 AM 4 default.ers
04/09/2006 04:19 AM 634,880 eraser.exe
12/10/2007 11:59 PM 51 schedlog.txt
3 File(s) 634,935 bytes

Directory of C:\PROGRA~1\PRINTS~1\BAK

04/23/2007 06:06 AM 507,904 PrintScreen.exe
1 File(s) 507,904 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

08/06/2006 08:40 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/03/2004 05:56 PM 15,360 ctfmon.exe
11/17/2003 11:11 PM 118,784 hkcmd.exe
11/17/2003 11:24 PM 155,648 igfxtray.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
4 File(s) 445,440 bytes

Directory of C:\PROGRA~1\APPLE\QUICKT~1\BAK

06/14/2006 03:24 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

04/08/2005 03:52 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\DISKEE~1\DISKEE~2\BAK

11/22/2005 05:38 PM 221,184 DkIcon.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

05/11/2007 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

10/17/2004 03:00 AM 98,304 E_FATI9TA.EXE
01/13/2006 07:36 PM 196,608 hpztsb04.exe
2 File(s) 294,912 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

4 Dec 11 2007 "C:\Program Files\Eraser\default.ers"
4 Dec 11 2007 "C:\Program Files\Eraser\bak\default.ers"
634880 Apr 9 2006 "C:\Program Files\Eraser\eraser.exe"
634880 Apr 9 2006 "C:\Program Files\Eraser\bak\eraser.exe"
51 Dec 10 2007 "C:\Program Files\Eraser\schedlog.txt"
51 Dec 10 2007 "C:\Program Files\Eraser\bak\schedlog.txt"
507904 Apr 23 2007 "C:\Program Files\PrintScreen\PrintScreen.exe"
507904 Apr 23 2007 "C:\Program Files\PrintScreen\bak\PrintScreen.exe"
282624 Aug 6 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Aug 6 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Nov 17 2003 "C:\WINDOWS\system32\hkcmd.exe"
118784 Nov 17 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Jan 15 2004 "C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\hkcmd.exe"
118784 Nov 17 2003 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\hkcmd.exe"
155648 Nov 17 2003 "C:\WINDOWS\system32\igfxtray.exe"
155648 Nov 17 2003 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Jan 15 2004 "C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"
155648 Nov 17 2003 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxtray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
278528 Jun 14 2006 "C:\Program Files\Apple\Quicktime - iTunes\iTunesHelper.exe"
278528 Jun 14 2006 "C:\Program Files\Apple\Quicktime - iTunes\bak\iTunesHelper.exe"
48752 Apr 8 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48752 Apr 8 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
221184 Nov 22 2005 "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
73728 Dec 30 2004 "C:\WINDOWS\Installer\{E87BE7F8-3077-40C1-8592-956F649A2781}\DkIcon.exe"
221184 Nov 22 2005 "C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\TaxDeductionPro 2006\JRE\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
98304 Oct 17 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9TA.EXE"
98304 Oct 17 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonpicturemate_deld046\E_FATI9TA.EXE"
98304 Oct 17 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9TA.EXE"
196608 Jan 13 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb04.exe"


end of report

Fred999
2008-02-08, 05:11
Thanks for your help. However I have received advice from another source. I know resources are limited so I'll let you focus your attention on another problem.

Thanks again for your time.

Blade81
2008-02-08, 18:24
Okay. Thanks for letting me know :) I'll close this one then.