zonebac.gen!B infection

Name: emzed
Date: November 17, 2007 at 06:37:42 Pacific
OS: MS XP 2002 SP 2
CPU/Ram: AMD Athlon XP 2100+ 512MB
Product: custom build
Comment:

I’m getting a warning about a zonebac.gen!B from Windows security. When I try to run a full system scan with Norton AV, I get a message saying, “The Norton AntiVirus component is not installed or failed to load. Please uninstall and reinstall Norton AntiVirus.” Can anyone please help?



Response Number 1
Name: jabuck
Date: November 17, 2007 at 07:04:34 Pacific
Reply:

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download FindAWF from this link: FindAWF

Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.



Response Number 2
Name: emzed
Date: November 17, 2007 at 07:21:51 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:12 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\UPSMON\UPSMON_Service.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\UPSMON\UPSMON.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UPSMON] "C:\Program Files\UPSMON\UPSMON.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\OmniPage\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\BCWipe\BCWipeTM.exe" startup
O4 - Startup: PaulaBackup.lnk = Utilities\PaulaBackup.Bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5036B51A-6155-41B5-B3F2-51D90E4E0699}: NameServer = 198.168.0.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE7FA26-6C60-4286-BE12-7E12CA037BB0}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{5036B51A-6155-41B5-B3F2-51D90E4E0699}: NameServer = 198.168.0.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{5036B51A-6155-41B5-B3F2-51D90E4E0699}: NameServer = 198.168.0.1,4.2.2.2
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.exe

--
End of file - 6825 bytes


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sat 11/17/2007
The current time is: 8:14:41.85


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

10/05/2001 10:54 AM 118,784 TPPALDR.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\BCWIPE\BAK

06/22/2007 03:28 AM 512,752 BCWipeTM.exe
1 File(s) 512,752 bytes

Directory of C:\PROGRA~1\OMNIPAGE\BAK

05/08/2003 12:00 PM 49,152 OpwareSE2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

12/10/2006 11:50 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\PROGRA~1\UPSMON\BAK

11/26/2004 01:24 PM 429,568 UPSMON.exe
11/16/2007 06:34 PM 45 UPSMON.ini
2 File(s) 429,613 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~2\BAK

01/09/2007 05:32 PM 58,984 ccApp.exe
1 File(s) 58,984 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

09/07/2007 07:32 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\VERIZO~1\HELPSU~1\BAK

05/23/2005 12:20 PM 50,744 VERIZO~1.exe
1 File(s) 50,744 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/04/2004 12:31 AM 208,952 IMJPMIG.exe
1 File(s) 208,952 bytes

Directory of C:\WINDOWS\IME\IMKR6_1\BAK

08/18/2001 07:00 AM 44,032 IMEKRMIG.exe
1 File(s) 44,032 bytes

Directory of C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\BAK

07/22/2005 08:19 PM 385,024 MotiveSB.exe
1 File(s) 385,024 bytes

Directory of C:\DOCUME~1\MIKE\MYDOCU~1\VOLPE\CATS\BAK

04/30/2000 08:47 PM 2,383,360 CATS1a.ics
05/16/2000 08:18 AM 21,406,208 CATS1b B1.ics
08/20/2003 04:01 PM 3,931,136 CATS3a B1.ics
08/21/2003 03:43 PM 4,391,936 CATS3c B1.ics
09/07/2003 06:49 PM 4,421,632 CATS3c B2.ics
09/28/2003 08:24 PM 4,537,344 CATS3c B3.ics
04/29/2000 08:23 AM 153,600 Old Throttle.ics
12/09/2000 07:59 PM 1,968,128 ThrottleQuad0.ics
12/12/2000 07:47 PM 1,766,912 ThrottleQuad1 B1.ics
9 File(s) 44,960,256 bytes

Directory of F:\MIKEBA~1\DOCUME~1\VOLPE\CATS\BAK

04/30/2000 08:47 PM 2,383,360 CATS1a.ics
05/16/2000 08:18 AM 21,406,208 CATS1b B1.ics
08/20/2003 04:01 PM 3,931,136 CATS3a B1.ics
08/21/2003 03:43 PM 4,391,936 CATS3c B1.ics
09/07/2003 06:49 PM 4,421,632 CATS3c B2.ics
09/28/2003 08:24 PM 4,537,344 CATS3c B3.ics
04/29/2000 08:23 AM 153,600 Old Throttle.ics
12/09/2000 07:59 PM 1,968,128 ThrottleQuad0.ics
12/12/2000 07:47 PM 1,766,912 ThrottleQuad1 B1.ics
9 File(s) 44,960,256 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

26636 Oct 18 2007 "C:\WINDOWS\TPPALDR.exe"
118784 Oct 5 2001 "C:\WINDOWS\bak\TPPALDR.exe"
118784 Oct 5 2001 "C:\WINDOWS\Drivers\TPP\tppaldr.exe"
26636 Oct 18 2007 "C:\Program Files\BCWipe\BCWipeTM.exe"
512752 Jun 22 2007 "C:\Program Files\BCWipe\bak\BCWipeTM.exe"
26636 Oct 18 2007 "C:\Program Files\OmniPage\OpwareSE2.exe"
49152 May 8 2003 "C:\Program Files\OmniPage\bak\OpwareSE2.exe"
26636 Oct 18 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Dec 10 2006 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
26636 Oct 18 2007 "C:\Program Files\UPSMON\UPSMON.exe"
429568 Nov 26 2004 "C:\Program Files\UPSMON\bak\UPSMON.exe"
437 Nov 16 2007 "C:\Program Files\UPSMON\UPSMON.ini"
45 Nov 16 2007 "C:\Program Files\UPSMON\bak\UPSMON.ini"
26636 Oct 18 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
58984 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
58992 Dec 13 2004 "C:\Documents and Settings\Admin\Local Settings\Temp\NAV\Support\ccCommon\ccCommon\ccApp.exe"
58992 Dec 13 2004 "C:\Documents and Settings\Mike\Local Settings\Temp\NAV\Support\ccCommon\ccCommon\ccApp.exe"
52272 Feb 7 2007 "C:\Program Files\Google\googletoolbar3user.exe"
26636 Oct 18 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
559784 Dec 3 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 7 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Sep 7 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26636 Oct 18 2007 "C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe"
50744 May 23 2005 "C:\Program Files\Verizon Online\Help Support\bak\VERIZO~1.exe"
122660 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\VerizonSetPanFolder.exe"
122660 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Original\VerizonSetPanFolder.exe"
122660 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Updates\VerizonSetPanFolder.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.exe"
44032 Aug 18 2001 "C:\WINDOWS\ime\imkr6_1\imekrmig.exe"
44032 Aug 18 2001 "C:\WINDOWS\ime\imkr6_1\bak\IMEKRMIG.exe"
26636 Oct 18 2007 "C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB.exe"
385024 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\bak\MotiveSB.exe"
385024 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Original\MotiveSB.exe"
385024 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Updates\MotiveSB.exe"
2383360 Apr 30 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
21406208 May 16 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1b B1.ics"
21406208 May 16 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1b B1.ics"
3931136 Aug 20 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3a B1.ics"
3931136 Aug 20 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3a B1.ics"
4391936 Aug 21 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4391936 Aug 21 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4537344 Sep 28 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B3.ics"
4421632 Sep 7 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4421632 Sep 7 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4537344 Sep 28 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B3.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\Old Throttle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\Old Throttle.ics"
534528 Oct 16 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
534528 Oct 16 2003 "F:\Mike Backup\Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
1766912 Dec 12 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
1766912 Dec 12 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
2383360 Apr 30 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
21406208 May 16 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1b B1.ics"
21406208 May 16 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1b B1.ics"
3931136 Aug 20 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3a B1.ics"
3931136 Aug 20 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3a B1.ics"
4391936 Aug 21 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4391936 Aug 21 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4537344 Sep 28 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B3.ics"
4421632 Sep 7 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4421632 Sep 7 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4537344 Sep 28 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B3.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\Old Throttle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\Old Throttle.ics"
534528 Oct 16 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
534528 Oct 16 2003 "F:\Mike Backup\Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
1766912 Dec 12 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
1766912 Dec 12 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"


end of report

Thanks.



Response Number 3
Name: jabuck
Date: November 17, 2007 at 07:53:15 Pacific
Reply:

Temporarily disable any of the following anti-spyware realtime protection programs that you may have (Disable Realtime Protection) or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.


Turn off Norton's ScriptBlocking:

To disable Norton AntiVirus Script Blocking:


Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options.
If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking.
Click OK.

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\WINDOWS\bak\TPPALDR.exe"
"C:\Program Files\BCWipe\bak\BCWipeTM.exe"
"C:\Program Files\OmniPage\bak\OpwareSE2.exe"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\Program Files\UPSMON\bak\UPSMON.exe"
"C:\Program Files\UPSMON\bak\UPSMON.ini"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Verizon Online\Help Support\bak\VERIZO~1.exe"
"C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.exe"
"C:\WINDOWS\ime\imkr6_1\bak\IMEKRMIG.exe"
"C:\Program Files\Verizon Online\Help Support\SmartBridge\bak\MotiveSB.exe"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1a.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1b B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1b B1.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3a B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3a B1.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B1.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B3.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B2.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B2.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B3.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\Old Throttle.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\Old Throttle.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1a.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1b B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1b B1.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3a B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3a B1.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B1.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B3.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B2.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B2.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B3.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\Old Throttle.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\Old Throttle.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
"C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
"F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Your Java is out of date and can be exploited.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.


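One way to read the "Duplicate files of bak directory contents" section of the first FindAWF log in this thread, as an added example (not part of the original posts and not FindAWF's own code). It assumes each bak copy's original sits one directory up under the same name; the sample lines are excerpted from that log, and the function names and the `kind` labels are hypothetical.

```python
import re
from collections import Counter, namedtuple

# Lines excerpted from the "Duplicate files of bak directory contents" section
# of the first FindAWF log in this thread: size, date, quoted path.
SAMPLE_LOG = r'''
26636 Oct 18 2007 "C:\WINDOWS\TPPALDR.exe"
118784 Oct 5 2001 "C:\WINDOWS\bak\TPPALDR.exe"
118784 Oct 5 2001 "C:\WINDOWS\Drivers\TPP\tppaldr.exe"
26636 Oct 18 2007 "C:\Program Files\UPSMON\UPSMON.exe"
429568 Nov 26 2004 "C:\Program Files\UPSMON\bak\UPSMON.exe"
437 Nov 16 2007 "C:\Program Files\UPSMON\UPSMON.ini"
45 Nov 16 2007 "C:\Program Files\UPSMON\bak\UPSMON.ini"
26636 Oct 18 2007 "C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe"
50744 May 23 2005 "C:\Program Files\Verizon Online\Help Support\bak\VERIZO~1.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.exe"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\Old Throttle.ics"
'''

Entry = namedtuple("Entry", "size date path")
Finding = namedtuple("Finding", "kind parent bak")  # kind labels are this example's own

LINE_RE = re.compile(r'^\s*(\d+)\s+(\w{3})\s+(\d{1,2})\s+(\d{4})\s+"(.+)"\s*$')


def parse_listing(text):
    """Turn 'size Mon D YYYY "path"' lines into Entry tuples; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size, mon, day, year, path = m.groups()
            entries.append(Entry(int(size), mon + " " + day + " " + year, path))
    return entries


def _split(path):
    """Split a Windows path into (directory, file name) without touching the OS."""
    head, _, name = path.rpartition("\\")
    return head, name


def find_replaced(text):
    """Return (stub_size, findings) for files whose bak copy differs from the live file.

    stub_size is the one size shared by two or more mismatched live files
    (None if there is no such size).
    """
    entries = parse_listing(text)
    by_path = {e.path.lower(): e for e in entries}  # also drops repeated lines
    baks = {e.path.lower(): e for e in entries
            if _split(e.path)[0].lower().endswith("\\bak")}

    mismatched, unmatched = [], []
    for bak in baks.values():
        bak_dir, name = _split(bak.path)
        parent_dir = bak_dir[:-len("\\bak")]
        parent = by_path.get((parent_dir + "\\" + name).lower())
        if parent is None:
            # e.g. an 8.3 short name in bak vs. a long name in the parent folder
            unmatched.append((parent_dir.lower(), bak))
        elif parent.size != bak.size:
            mismatched.append((parent, bak))

    top = Counter(p.size for p, _ in mismatched).most_common(1)
    stub_size = top[0][0] if top and top[0][1] >= 2 else None

    findings = [Finding("stub" if p.size == stub_size else "size-differs", p, b)
                for p, b in mismatched]

    # Second pass: a bak file with no same-named live file is still suspect
    # when a file of the shared stub size sits directly in the parent folder.
    for parent_dir, bak in unmatched:
        for e in by_path.values():
            if e.size == stub_size and _split(e.path)[0].lower() == parent_dir:
                findings.append(Finding("stub-shortname", e, bak))
    return stub_size, findings


if __name__ == "__main__":
    stub, found = find_replaced(SAMPLE_LOG)
    print("shared stub size:", stub)
    for f in found:
        print(f.kind, "|", f.parent.size, f.parent.date, f.parent.path,
              "<-", f.bak.size, f.bak.path)
```

Entries whose live and bak copies have the same size (IMJPMIG.exe here), or whose bak folder has no same-named or stub-sized file one directory up (the `CATS\Bak` documents), produce no finding.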

Response Number 4
Name: emzed
Date: November 17, 2007 at 08:14:08 Pacific
Reply:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Sat 11/17/2007
The current time is: 9:08:36.50


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

10/05/2001 10:54 AM 118,784 TPPALDR.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\BCWIPE\BAK

06/22/2007 03:28 AM 512,752 BCWipeTM.exe
1 File(s) 512,752 bytes

Directory of C:\PROGRA~1\OMNIPAGE\BAK

05/08/2003 12:00 PM 49,152 OpwareSE2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

12/10/2006 11:50 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\PROGRA~1\UPSMON\BAK

11/26/2004 01:24 PM 429,568 UPSMON.exe
11/16/2007 06:34 PM 45 UPSMON.ini
2 File(s) 429,613 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~2\BAK

01/09/2007 05:32 PM 58,984 ccApp.exe
1 File(s) 58,984 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

09/07/2007 07:32 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\VERIZO~1\HELPSU~1\BAK

05/23/2005 12:20 PM 50,744 VERIZO~1.exe
1 File(s) 50,744 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/04/2004 12:31 AM 208,952 IMJPMIG.exe
1 File(s) 208,952 bytes

Directory of C:\WINDOWS\IME\IMKR6_1\BAK

08/18/2001 07:00 AM 44,032 IMEKRMIG.exe
1 File(s) 44,032 bytes

Directory of C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\BAK

07/22/2005 08:19 PM 385,024 MotiveSB.exe
1 File(s) 385,024 bytes

Directory of C:\DOCUME~1\MIKE\MYDOCU~1\VOLPE\CATS\BAK

04/30/2000 08:47 PM 2,383,360 CATS1a.ics
05/16/2000 08:18 AM 21,406,208 CATS1b B1.ics
08/20/2003 04:01 PM 3,931,136 CATS3a B1.ics
08/21/2003 03:43 PM 4,391,936 CATS3c B1.ics
09/07/2003 06:49 PM 4,421,632 CATS3c B2.ics
09/28/2003 08:24 PM 4,537,344 CATS3c B3.ics
04/29/2000 08:23 AM 153,600 Old Throttle.ics
12/09/2000 07:59 PM 1,968,128 ThrottleQuad0.ics
12/12/2000 07:47 PM 1,766,912 ThrottleQuad1 B1.ics
9 File(s) 44,960,256 bytes

Directory of F:\MIKEBA~1\DOCUME~1\VOLPE\CATS\BAK

04/30/2000 08:47 PM 2,383,360 CATS1a.ics
05/16/2000 08:18 AM 21,406,208 CATS1b B1.ics
08/20/2003 04:01 PM 3,931,136 CATS3a B1.ics
08/21/2003 03:43 PM 4,391,936 CATS3c B1.ics
09/07/2003 06:49 PM 4,421,632 CATS3c B2.ics
09/28/2003 08:24 PM 4,537,344 CATS3c B3.ics
04/29/2000 08:23 AM 153,600 Old Throttle.ics
12/09/2000 07:59 PM 1,968,128 ThrottleQuad0.ics
12/12/2000 07:47 PM 1,766,912 ThrottleQuad1 B1.ics
9 File(s) 44,960,256 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

118784 Oct 5 2001 "C:\WINDOWS\TPPALDR.exe"
118784 Oct 5 2001 "C:\WINDOWS\bak\TPPALDR.exe"
118784 Oct 5 2001 "C:\WINDOWS\Drivers\TPP\tppaldr.exe"
512752 Jun 22 2007 "C:\Program Files\BCWipe\BCWipeTM.exe"
512752 Jun 22 2007 "C:\Program Files\BCWipe\bak\BCWipeTM.exe"
49152 May 8 2003 "C:\Program Files\OmniPage\OpwareSE2.exe"
49152 May 8 2003 "C:\Program Files\OmniPage\bak\OpwareSE2.exe"
100056 Dec 10 2006 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Dec 10 2006 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
429568 Nov 26 2004 "C:\Program Files\UPSMON\UPSMON.exe"
429568 Nov 26 2004 "C:\Program Files\UPSMON\bak\UPSMON.exe"
45 Nov 16 2007 "C:\Program Files\UPSMON\UPSMON.ini"
45 Nov 16 2007 "C:\Program Files\UPSMON\bak\UPSMON.ini"
58984 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
58984 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
58992 Dec 13 2004 "C:\Documents and Settings\Admin\Local Settings\Temp\NAV\Support\ccCommon\ccCommon\ccApp.exe"
58992 Dec 13 2004 "C:\Documents and Settings\Mike\Local Settings\Temp\NAV\Support\ccCommon\ccCommon\ccApp.exe"
52272 Feb 7 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Sep 7 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
559784 Dec 3 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 7 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Sep 7 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
50744 May 23 2005 "C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe"
50744 May 23 2005 "C:\Program Files\Verizon Online\Help Support\bak\VERIZO~1.exe"
122660 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\VerizonSetPanFolder.exe"
122660 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Original\VerizonSetPanFolder.exe"
122660 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Updates\VerizonSetPanFolder.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\imjp8_1\IMJPMIG.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.exe"
44032 Aug 18 2001 "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe"
44032 Aug 18 2001 "C:\WINDOWS\ime\imkr6_1\bak\IMEKRMIG.exe"
385024 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB.exe"
385024 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\bak\MotiveSB.exe"
385024 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Original\MotiveSB.exe"
385024 Jul 22 2005 "C:\Program Files\Verizon Online\Help Support\SmartBridge\Updates\MotiveSB.exe"
2383360 Apr 30 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS1a.ics"
2383360 Apr 30 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
21406208 May 16 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS1b B1.ics"
21406208 May 16 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1b B1.ics"
21406208 May 16 2000 "F:\Mike Backup\Documents\Volpe\CATS\CATS1b B1.ics"
21406208 May 16 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1b B1.ics"
3931136 Aug 20 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3a B1.ics"
3931136 Aug 20 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3a B1.ics"
3931136 Aug 20 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3a B1.ics"
3931136 Aug 20 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3a B1.ics"
4391936 Aug 21 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3c B1.ics"
4391936 Aug 21 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4391936 Aug 21 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3c B1.ics"
4391936 Aug 21 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4537344 Sep 28 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3c B3.ics"
4537344 Sep 28 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B3.ics"
4421632 Sep 7 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3c B2.ics"
4421632 Sep 7 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4421632 Sep 7 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3c B2.ics"
4421632 Sep 7 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4537344 Sep 28 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3c B3.ics"
4537344 Sep 28 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B3.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\Old Throttle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\Old Throttle.ics"
534528 Oct 16 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
534528 Oct 16 2003 "F:\Mike Backup\Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
1968128 Dec 9 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\ThrottleQuad0.ics"
1766912 Dec 12 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
1968128 Dec 9 2000 "F:\Mike Backup\Documents\Volpe\CATS\ThrottleQuad0.ics"
1766912 Dec 12 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
2383360 Apr 30 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS1a.ics"
2383360 Apr 30 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
21406208 May 16 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS1b B1.ics"
21406208 May 16 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS1b B1.ics"
21406208 May 16 2000 "F:\Mike Backup\Documents\Volpe\CATS\CATS1b B1.ics"
21406208 May 16 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1b B1.ics"
3931136 Aug 20 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3a B1.ics"
3931136 Aug 20 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3a B1.ics"
3931136 Aug 20 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3a B1.ics"
3931136 Aug 20 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3a B1.ics"
4391936 Aug 21 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3c B1.ics"
4391936 Aug 21 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4391936 Aug 21 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3c B1.ics"
4391936 Aug 21 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B1.ics"
4537344 Sep 28 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3c B3.ics"
4537344 Sep 28 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B3.ics"
4421632 Sep 7 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3c B2.ics"
4421632 Sep 7 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4421632 Sep 7 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\CATS3c B2.ics"
4421632 Sep 7 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\CATS3c B2.ics"
4537344 Sep 28 2003 "F:\Mike Backup\Documents\Volpe\CATS\CATS3c B3.ics"
4537344 Sep 28 2003 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS3c B3.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak\Old Throttle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\Old Throttle.ics"
534528 Oct 16 2003 "C:\Documents and Settings\Mike\My Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "C:\Documents and Settings\Mike\My

Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
534528 Oct 16 2003 "F:\Mike Backup\Documents\Volpe\CATS\ThrottleQuad1.ics"
1968128 Dec 9 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad0.ics"
1968128 Dec 9 2000 "C:\Documents and Settings\Mike\My

Documents\Volpe\CATS\ThrottleQuad0.ics"
1766912 Dec 12 2000 "C:\Documents and Settings\Mike\My

Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"
1968128 Dec 9 2000 "F:\Mike Backup\Documents\Volpe\CATS\ThrottleQuad0.ics"
1766912 Dec 12 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\ThrottleQuad1 B1.ics"


end of report

Thanks.


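The "Duplicate files of bak directory contents" section of the report lists one line per file in the form size, date, quoted path. The following is an added example, not part of the thread or of FindAWF: it parses such lines (rejoining paths that a word-wrapped paste has split), reduces them to one entry per bak folder, and records any file in a bak folder that has no same-named, same-sized copy in the parent folder. The sample lines are taken from the report, with one repeated and two left wrapped; the function names are assumptions.

```python
import ntpath
import re

# Lines in the report's own format: two wrapped across a blank line, one repeated.
SAMPLE_REPORT = r'''153600 Apr 29 2000 "C:\Documents and Settings\Mike\My

Documents\Volpe\CATS\OldThrottle.ics"
153600 Apr 29 2000 "C:\Documents and Settings\Mike\My

Documents\Volpe\CATS\Bak\Old Throttle.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
2383360 Apr 30 2000 "F:\Mike Backup\Documents\Volpe\CATS\Bak\CATS1a.ics"
'''

ENTRY_RE = re.compile(r'^(\d+) (\w{3} +\d{1,2} \d{4}) "(.+)"$')


def unwrap(text):
    """Join physical lines until the double quotes on the logical line balance."""
    logical, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count('"') % 2 == 0:
            logical.append(buf)
            buf = ""
    return logical


def in_bak(path):
    """True when the file's immediate parent folder is named bak (any case)."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "bak"


def bak_folders(text):
    """Return one record per bak folder, with files lacking a matching original."""
    entries = [m.groups() for m in map(ENTRY_RE.match, unwrap(text)) if m]
    # (folder, file name, size) for every file listed outside a bak folder
    originals = {(ntpath.dirname(p).lower(), ntpath.basename(p).lower(), size)
                 for size, _, p in entries if not in_bak(p)}
    folders = {}
    for size, _, path in entries:
        if not in_bak(path):
            continue
        folder = ntpath.dirname(path)
        record = folders.setdefault(folder.lower(),
                                    {"folder": folder, "unmatched": []})
        name = ntpath.basename(path)
        key = (ntpath.dirname(folder).lower(), name.lower(), size)
        if key not in originals and name not in record["unmatched"]:
            record["unmatched"].append(name)
    return list(folders.values())


if __name__ == "__main__":
    for rec in bak_folders(SAMPLE_REPORT):
        note = ", ".join(rec["unmatched"]) or "all files matched"
        print(f'{rec["folder"]}  [{note}]')
```
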

Response Number 5
Name: jabuck
Date: November 17, 2007 at 14:08:04 Pacific
Reply:

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\WINDOWS\bak
C:\Program Files\BCWipe\bak
C:\Program Files\OmniPage\bak
C:\Program Files\SymNetDrv\bak
C:\Program Files\UPSMON\bak
C:\Program Files\UPSMON\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Verizon Online\Help Support\bak
C:\WINDOWS\ime\imjp8_1\bak
C:\WINDOWS\ime\imkr6_1\bak
C:\Program Files\Verizon Online\Help Support\SmartBridge\bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak\
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak
C:\Documents and Settings\Mike\My Documents\Volpe\CATS\Bak
F:\Mike Backup\Documents\Volpe\CATS\Bak

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste everything between the X's making "regedit4" the very top line.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.


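The note that SpywareBlaster, Spybot's Immunize and IE-SpyAd must be re-applied follows from where those tools keep their block lists: as Restricted Sites entries under the same ZoneMap\Domains keys that the reset deletes. The following is an added example, not from the thread or from FindAWF: it parses a REGEDIT4 export of the ZoneMap keys taken before the reset and groups the entries by zone, so it is clear which entries were protective and which had been placed in a trusted zone. The sample export, its domain names and its address are constructed.

```python
import re
from collections import defaultdict

# Internet Explorer security zone numbers
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"

# Constructed sample of a pre-reset export; every name and address is made up.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked-ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unexpected-trust.example]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unexpected-trust.example\www]
"http"=dword:00000002

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="192.0.2.10"
"*"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')
STRING_RE = re.compile(r'^"([^"]*)"="(.*)"$')


def parse_reg(reg_text):
    """Map each key path in a REGEDIT4 export to a dict of its values."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # "[-KEY]" is a delete directive (as in fixme.reg), not data.
            current = None if key.group(1) else keys.setdefault(key.group(2), {})
            continue
        if current is None:
            continue
        dword, string = DWORD_RE.match(line), STRING_RE.match(line)
        if dword:
            current[dword.group(1)] = int(dword.group(2), 16)
        elif string:
            current[string.group(1)] = string.group(2)
    return keys


def zone_entries(reg_text):
    """Yield (hive, target, protocol, zone) for every ZoneMap assignment."""
    marker = ZONEMAP.lower() + "\\"
    for path, values in parse_reg(reg_text).items():
        idx = path.lower().find(marker)
        if idx < 0:
            continue
        hive = path[:idx].rstrip("\\")
        rest = path[idx + len(marker):].split("\\")
        if rest[0].lower() == "domains" and len(rest) > 1:
            # Domains\example.com\www means host www.example.com
            target = ".".join(reversed(rest[1:]))
        elif rest[0].lower() == "ranges" and len(rest) == 2:
            target = values.get(":Range", rest[1])
        else:
            continue
        for name, value in values.items():
            if isinstance(value, int):  # protocol name ("*", "http") -> zone
                yield hive, target, name, value


def reset_impact(reg_text):
    """Group the entries a ZoneMap reset would delete by zone name."""
    impact = defaultdict(list)
    for hive, target, proto, zone in zone_entries(reg_text):
        impact[ZONES.get(zone, f"zone {zone}")].append(f"{target} ({proto}, {hive})")
    return dict(impact)


if __name__ == "__main__":
    for zone, items in reset_impact(SAMPLE_EXPORT).items():
        print(zone, *items, sep="\n  ")
```
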



Response Number 6
Name: emzed
Date: November 17, 2007 at 14:50:56 Pacific
Reply:


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sat 11/17/2007
The current time is: 15:17:47.67


bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

ComboFix 07-11-08.1 - Paula 2007-11-17 15:27:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.236 [GMT -5:00]
Running from: C:\Documents and Settings\Paula\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 15:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 22:13 <DIR> d-------- C:\Documents and Settings\Test\Application Data\TrueCrypt
2007-10-19 09:19 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 20:17 --------- d-----w C:\Program Files\UPSMON
2007-11-17 20:17 --------- d-----w C:\Program Files\SymNetDrv
2007-11-17 20:17 --------- d-----w C:\Program Files\OmniPage
2007-11-17 20:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-17 20:17 --------- d-----w C:\Program Files\BCWipe
2007-11-09 20:31 --------- d-----w C:\Documents and Settings\Mike\Application Data\AdobeUM
2007-11-06 02:41 --------- d-----w C:\Documents and Settings\Paula\Application Data\Canon
2007-10-29 20:11 --------- d-----w C:\Documents and Settings\Paula\Application Data\AdobeUM
2007-10-22 00:10 --------- d-----w C:\Program Files\Photo Finale
2007-10-16 22:50 --------- d-----w C:\Program Files\Ad-aware
2007-09-30 14:00 --------- d-----w C:\Documents and Settings\Mike\Application Data\Canon
2006-11-28 15:06 70,152 ----a-w C:\Documents and Settings\Paula\Application Data\GDIPFONTCACHEV1.DAT
2005-10-28 18:55 70,152 ----a-w C:\Documents and Settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
2001-10-05 15:53 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UPSMON"="C:\Program Files\UPSMON\UPSMON.exe" [2004-11-26 13:24]
"TPP Auto Loader"="C:\WINDOWS\TPPALDR.exe" [2001-10-05 10:54]
"nwiz"="nwiz.exe" [2002-01-15 10:06 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="NvQTwk" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe" [2001-08-18 07:00]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe" [2005-05-23 12:20]
"OpwareSE2"="C:\Program Files\OmniPage\OpwareSE2.exe" [2003-05-08 12:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-10 11:50]
"BCWipeTM Startup"="C:\Program Files\BCWipe\BCWipeTM.exe" [2007-06-22 03:28]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.exe [1996-11-16 23:00:00]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.exe [1996-11-16 23:00:00]

C:\Documents and Settings\Mike\Start Menu\Programs\Startup\
Foxmail.lnk - C:\Program Files\Foxmail\Foxmail.exe [2002-04-09 10:34:56]

C:\Documents and Settings\Paula\Start Menu\Programs\Startup\
PaulaBackup.lnk - C:\Documents and Settings\All Users\Documents\Utilities\PaulaBackup.Bat [2002-07-25 17:55:24]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk
backup=C:\WINDOWS\pss\PGPtray.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R0 Fasttrak;Fasttrak;C:\WINDOWS\system32\drivers\Fasttrak.sys
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys
R3 pnicII;Linksys Fast Ethernet PCI Card;C:\WINDOWS\system32\DRIVERS\lne100.SYS
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys
S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\Paula\LOCALS~1\Temp\bDMusicb.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 RD5130;HomePlug USB to Ethernet Adapter v0.9;C:\WINDOWS\system32\DRIVERS\RD5130.SYS
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys

.
Contents of the 'Scheduled Tasks' folder
"2006-12-23 03:03:42 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Mike.job"
- C:\PROGRA~1\NORTON~2\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 15:34:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 15:46:50 - machine was rebooted
.
--- E O F ---




Response Number 7
Name: jabuck
Date: November 17, 2007 at 15:28:28 Pacific
Reply:

Looks much better.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/
We will need it later in safe mode.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Boot to normal mode and post a new Hijack This log please.



Response Number 8
Name: emzed
Date: November 17, 2007 at 15:47:30 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:03 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\UPSMON\UPSMON_Service.exe
C:\Program Files\UPSMON\UPSMON.exe
C:\WINDOWS\TPPALDR.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
C:\Program Files\OmniPage\OpwareSE2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UPSMON] "C:\Program Files\UPSMON\UPSMON.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\OmniPage\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\BCWipe\BCWipeTM.exe" startup
O4 - Startup: PaulaBackup.lnk = Utilities\PaulaBackup.Bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5036B51A-6155-41B5-B3F2-51D90E4E0699}: NameServer = 198.168.0.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE7FA26-6C60-4286-BE12-7E12CA037BB0}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{5036B51A-6155-41B5-B3F2-51D90E4E0699}: NameServer = 198.168.0.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{5036B51A-6155-41B5-B3F2-51D90E4E0699}: NameServer = 198.168.0.1,4.2.2.2
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.exe

--
End of file - 7186 bytes

Thanks.



Response Number 9
Name: jabuck
Date: November 17, 2007 at 16:02:33 Pacific
Reply:

Your log is clean. How is the computer operating?



Response Number 10
Name: emzed
Date: November 17, 2007 at 17:27:26 Pacific
Reply:

Looks okay. Quick scan with Windows Malicious Software Removal Tool shows no sign of anything. Norton AV now runs. Also, Internet Explorer is also starting much faster (starting October 19, it would take 10-30 minutes to load the home page; now it’s less than a minute).

Thank you very much.



Response Number 11
Name: jabuck
Date: November 17, 2007 at 18:52:17 Pacific
Reply:

Glad we could help.

