Clickspring

Hi

Empty these folders:

C:\Users\Tim\AppData\Local\Temp\
C:\Users\Tim\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar

Delete these:

C:\Downloads\DinerDashSetup-dm[1].exe
C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe
C:\Downloads\PedalToTheMetalSetup-dm[1].exe
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00002.dll
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00003.dll
C:\Program Files\Common Files\microsoft shared\Web Folders\ibm00004.dll
C:\Program Files\FunWebProducts\Installr\5.bin\F3EZSETP.DLL
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174223618
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174242813
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174331018
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174341443
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174438282
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174648062
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174745556
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1174936961
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe1175637099
C:\Users\Tyler\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe
C:\Windows\cfg32.exe
C:\Windows\cfsb.exe

Empty Recycle Bin

Please download the following program and save it to your desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Once downloaded, double-click on the file to run it.
Press 1 and then Enter.
When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.
 
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 08/14/2007
The current time is: 12:06:12.79


bak folders found
~~~~~~~~~~~


Directory of C:\ITUNES\BAK


Directory of C:\PROGRA~1\ADVANC~1\BAK

08/13/2005 08:16 PM 184,320 HCUcp.txt
08/13/2005 08:16 PM 2,289,664 HCUsm.txt
08/13/2005 08:16 PM 12,288 HCUsp.txt
08/13/2005 08:16 PM 8,192 HLMctrc.txt
08/13/2005 08:16 PM 8,192 HLMctrf.txt
08/13/2005 08:16 PM 98,304 HLMctrs.txt
08/13/2005 08:16 PM 651,264 HLMser.txt
7 File(s) 3,252,224 bytes

Directory of C:\PROGRA~1\AIM\BAK

08/01/2006 04:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 11:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

03/30/2007 07:58 AM 100,048 SNDMon.exe
1 File(s) 100,048 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/10/2004 03:04 PM 59,392 ehtray.exe
1 File(s) 59,392 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/15/2004 12:43 AM 233,472 RECGUARD.EXE
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 08:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\HP\DRIVERS\HPLSBW~1\BAK

10/15/2004 01:54 AM 253,952 lsburnwatcher.exe
1 File(s) 253,952 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 10:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/05/2004 08:14 AM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

11/05/2004 06:30 AM 32,881 jusched.exe
1 File(s) 32,881 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

184320 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HCUcp.txt"
2289664 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HCUsm.txt"
12288 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HCUsp.txt"
8192 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMctrc.txt"
8192 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMctrf.txt"
98304 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMctrs.txt"
651264 Aug 13 2005 "C:\Program Files\Advanced WindowsCare\Bak\HLMser.txt"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
111840 Apr 8 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100048 Mar 30 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
125440 Nov 2 2006 "C:\Windows\ehome\ehtray.exe"
59392 Aug 10 2004 "C:\Windows\ehome\bak\ehtray.exe"
125440 Nov 2 2006 "C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.0.6000.16386_none_28a24bc3701e0760\ehtray.exe"
233472 Apr 15 2004 "C:\Windows\SMINST\Recguard.exe"
233472 Apr 15 2004 "C:\Windows\SMINST\bak\RECGUARD.EXE"
52736 May 7 1998 "C:\Windows\system\hpsysdrv.exe"
52736 May 7 1998 "C:\Windows\system\bak\hpsysdrv.exe"
253952 Oct 15 2004 "C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe1175394912"
253952 Oct 15 2004 "C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
180269 Nov 5 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Nov 5 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Nov 5 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
49263 Sep 7 2006 "C:\Program Files\Adobe\Adobe Flash CS3\JVM\bin\jusched.exe"
32881 Nov 5 2004 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"


end of report
 
Hi

Uninstall via Add/Remove Programs if present:

SpamBlockerUtility

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Empty these folders:

C:\Users\Tyler\Local Settings\Temp
C:\Users\Alyssa\Local Settings\Temporary Internet Files\Content.IE5


Delete these:

C:\Users\Tyler\Desktop\incredimail_install.exe
C:\Program Files\SpamBlockerUtility
C:\Users\Alyssa\Desktop\New Folder (4)\New Folder (2)\Titan[1].1.25.1600.zip
C:\Users\Alyssa\Desktop\Trillian.zip
C:\Users\HP_Administrator\Desktop\Adobe CS3\Keygens\Photoshop CS3 Keygen + Activation.exe
C:\Users\HP_Administrator\Documents\BitTorrent Downloads\Adobe CS3 Keygens
C:\Users\Public\Documents\Settings\winsys2f.dll
C:\Users\Public\Documents\Settings\winsys2f.dll~

Empty Recycle Bin

Please click this link: Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Program Files\QuickTime\qttask.exe

Repeat for these:

C:\Program Files\SymNetDrv\SNDMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\SMINST\Recguard.exe
C:\Windows\system\hpsysdrv.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
Hi

Then re-scan with Kaspersky and post a fresh HijackThis log and Kaspersky report, please :)
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 