Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help Remove b.whataboutdog.com

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 16th, 2007, 6:59 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:54 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousavers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... eloadredir
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.second.org/cam/VatDec.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v16.554/qboax9.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0222620506
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c4/v14.217/qboax8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://cam5.brett-robinson.com/activex/ ... ontrol.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9730 bytes
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm
Advertisement
Register to Remove

Re: Help Remove b.whataboutdog.com

Unread postby Shaba » December 19th, 2007, 10:35 am

Hi jbrownlee

Please download FindAWF and save it to your desktop

    * Double-click FindAWF.exe to start the tool.
    * Select option #1 - Scan for bak folders by typing 1 and press 'Enter'
    * When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here.

**Do not run any other option unless directed to do so.**

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Post:

- awf.txt
- uninstall list
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 19th, 2007, 2:38 pm

As requested:


ABBYY FineReader 6.0 Sprint
Ad-Aware 2007
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
a-squared Free 2.0
AutoTap Diagnostic Scan Tool
Chuzzle Deluxe 1.0
Curitel PC Card Software
Fujitsu Driver Update V1.1L20
Fujitsu Hotkey Utility
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet for Wireless
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.2_04
Java Web Start
Lexmark 4300 Series
Lexmark Fax Solutions
LifeBook Application Panel
LiveUpdate 1.90 (Symantec Corporation)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Streets and Trips 2005 with USB GPS
Microsoft Works 7.0
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Netscape (7.0)
O2Micro MemoryCardBus Windows Driver
OLYMPUS DSS Player-Lite
Pacific Heroes
Peachtree Complete Accounting 2003
PlanWrite - Business Plan Writer Deluxe
Quicken 2004
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SigmaTel AC97 Audio Drivers
Skype™ 3.6
Stamps.com Internet Postage
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
TurboTax Business 2005
TurboTax Business 2006
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Companion


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Wed 12/19/2007
The current time is: 12:29:48.37


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\APOINT2K\BAK

07/16/2003 07:19 AM 159,744 Apoint.exe
1 File(s) 159,744 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/18/2004 02:20 AM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

07/26/2005 06:17 AM 94,208 ezprint.exe
08/02/2005 11:45 AM 192,512 lxcemon.exe
2 File(s) 286,720 bytes

Directory of C:\PROGRA~1\LEXMAR~2\BAK

07/12/2005 03:36 AM 299,008 fm3032.exe
1 File(s) 299,008 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~2\BAK

08/02/2004 05:21 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 01:56 AM 15,360 ctfmon.exe
10/01/2003 11:19 PM 118,784 hkcmd.exe
2 File(s) 134,144 bytes

Directory of C:\PROGRA~1\FUJITSU\BTNHND\BAK

08/21/2003 11:37 AM 61,440 BtnHnd.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\FUJITSU\FJDVRUPD\BAK

12/10/2003 07:08 PM 167,936 fjdvrupd.exe
1 File(s) 167,936 bytes

Directory of C:\PROGRA~1\FUJITSU\FUJITS~1\BAK

11/13/2003 05:26 PM 81,920 IndicatorUty.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\BAK

08/25/2006 10:25 AM 3,112,960 pccguide.exe
1 File(s) 3,112,960 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

04/05/2006 05:39 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_1\BIN\BAK

12/15/2006 03:23 AM 75,520 jusched.exe
1 File(s) 75,520 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\TMAS_OE\BAK

08/18/2006 12:06 PM 315,392 TMAS_OEMon.exe
1 File(s) 315,392 bytes

Directory of C:\PROGRA~1\INTEL\PROSET~1\NCS\PROSET\BAK

12/10/2003 04:36 AM 86,016 PRONoMgr.exe
1 File(s) 86,016 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

26636 Oct 11 2007 "C:\Program Files\Apoint2K\Apoint.exe"
159744 Jul 16 2003 "C:\Program Files\Apoint2K\bak\Apoint.exe"
27152 Oct 10 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Dec 18 2004 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
26636 Oct 11 2007 "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
94208 Jul 26 2005 "C:\Program Files\Lexmark 4300 Series\bak\ezprint.exe"
26636 Oct 11 2007 "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
192512 Aug 2 2005 "C:\Program Files\Lexmark 4300 Series\bak\lxcemon.exe"
26636 Oct 11 2007 "C:\Program Files\Lexmark Fax Solutions\fm3032.exe"
299008 Jul 12 2005 "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
27152 Oct 10 2007 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 2 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27152 Oct 10 2007 "C:\WINDOWS\system32\hkcmd.exe"
118784 Oct 1 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
26636 Oct 11 2007 "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
61440 Aug 21 2003 "C:\Program Files\Fujitsu\BtnHnd\bak\BtnHnd.exe"
26636 Oct 11 2007 "C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe"
167936 Dec 10 2003 "C:\Program Files\Fujitsu\fjdvrupd\bak\fjdvrupd.exe"
26636 Oct 11 2007 "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
81920 Nov 13 2003 "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\bak\IndicatorUty.exe"
3429904 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
3112960 Aug 25 2006 "C:\Program Files\Trend Micro\Internet Security 2007\bak\pccguide.exe"
3112960 Aug 25 2006 "C:\Documents and Settings\Owner\Desktop\TIS2007GM-SMALL\Module\pccguide.exe"
950337 Feb 9 2004 "C:\Program Files\Trend Micro\TIS11_1120\Setup\program files\Trend Micro\PC-cillin\pccguide.exe"
27152 Oct 10 2007 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
303104 Apr 16 2004 "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\AdobeUpdateManager.exe"
26636 Oct 11 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Apr 5 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Feb 23 2004 "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
26636 Oct 11 2007 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe"
480784 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEImp.exe"
493072 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLImp.exe"
315392 Aug 18 2006 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\bak\TMAS_OEMon.exe"
27152 Oct 10 2007 "C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe"
86016 Dec 10 2003 "C:\Program Files\Intel\PROSetWireless\NCS\PROSet\bak\PRONoMgr.exe"


end of report
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm

Re: Help Remove b.whataboutdog.com

Unread postby Shaba » December 19th, 2007, 2:50 pm

Hi

Double-click FindAWF.exe to start the tool.

  • Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'
  • A text file will open up. Please copy/paste the following bolded text into the text file:

    "C:\Program Files\Apoint2K\bak\Apoint.exe"
    "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    "C:\Program Files\Lexmark 4300 Series\bak\ezprint.exe"
    "C:\Program Files\Lexmark 4300 Series\bak\lxcemon.exe"
    "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
    "C:\Program Files\QuickTime\bak\qttask.exe"
    "C:\WINDOWS\system32\bak\hkcmd.exe"
    "C:\Program Files\Fujitsu\BtnHnd\bak\BtnHnd.exe"
    "C:\Program Files\Fujitsu\fjdvrupd\bak\fjdvrupd.exe"
    "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\bak\IndicatorUty.exe"
    "C:\Program Files\Trend Micro\Internet Security 2007\bak\pccguide.exe"
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
    "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    "C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe"
    "C:\Program Files\Intel\PROSetWireless\NCS\PROSet\bak\PRONoMgr.exe"


  • Close the .txt file and click 'Yes' to save the changes.
  • When the tool has completed, a report will open up in notepad.
Please post the results of the awf.txt here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 19th, 2007, 2:56 pm

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Wed 12/19/2007
The current time is: 12:55:09.32


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\APOINT2K\BAK

07/16/2003 07:19 AM 159,744 Apoint.exe
1 File(s) 159,744 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/18/2004 02:20 AM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

07/26/2005 06:17 AM 94,208 ezprint.exe
08/02/2005 11:45 AM 192,512 lxcemon.exe
2 File(s) 286,720 bytes

Directory of C:\PROGRA~1\LEXMAR~2\BAK

07/12/2005 03:36 AM 299,008 fm3032.exe
1 File(s) 299,008 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~2\BAK

08/02/2004 05:21 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 01:56 AM 15,360 ctfmon.exe
10/01/2003 11:19 PM 118,784 hkcmd.exe
2 File(s) 134,144 bytes

Directory of C:\PROGRA~1\FUJITSU\BTNHND\BAK

08/21/2003 11:37 AM 61,440 BtnHnd.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\FUJITSU\FJDVRUPD\BAK

12/10/2003 07:08 PM 167,936 fjdvrupd.exe
1 File(s) 167,936 bytes

Directory of C:\PROGRA~1\FUJITSU\FUJITS~1\BAK

11/13/2003 05:26 PM 81,920 IndicatorUty.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\BAK

08/25/2006 10:25 AM 3,112,960 pccguide.exe
1 File(s) 3,112,960 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

04/05/2006 05:39 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_1\BIN\BAK

12/15/2006 03:23 AM 75,520 jusched.exe
1 File(s) 75,520 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\TMAS_OE\BAK

08/18/2006 12:06 PM 315,392 TMAS_OEMon.exe
1 File(s) 315,392 bytes

Directory of C:\PROGRA~1\INTEL\PROSET~1\NCS\PROSET\BAK

12/10/2003 04:36 AM 86,016 PRONoMgr.exe
1 File(s) 86,016 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

159744 Jul 16 2003 "C:\Program Files\Apoint2K\Apoint.exe"
159744 Jul 16 2003 "C:\Program Files\Apoint2K\bak\Apoint.exe"
278528 Dec 18 2004 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Dec 18 2004 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
94208 Jul 26 2005 "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
94208 Jul 26 2005 "C:\Program Files\Lexmark 4300 Series\bak\ezprint.exe"
192512 Aug 2 2005 "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
192512 Aug 2 2005 "C:\Program Files\Lexmark 4300 Series\bak\lxcemon.exe"
299008 Jul 12 2005 "C:\Program Files\Lexmark Fax Solutions\fm3032.exe"
299008 Jul 12 2005 "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
98304 Aug 2 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 2 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
118784 Oct 1 2003 "C:\WINDOWS\system32\hkcmd.exe"
118784 Oct 1 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
61440 Aug 21 2003 "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
61440 Aug 21 2003 "C:\Program Files\Fujitsu\BtnHnd\bak\BtnHnd.exe"
167936 Dec 10 2003 "C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe"
167936 Dec 10 2003 "C:\Program Files\Fujitsu\fjdvrupd\bak\fjdvrupd.exe"
81920 Nov 13 2003 "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
81920 Nov 13 2003 "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\bak\IndicatorUty.exe"
3429904 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
3112960 Aug 25 2006 "C:\Program Files\Trend Micro\Internet Security 2007\bak\pccguide.exe"
3112960 Aug 25 2006 "C:\Documents and Settings\Owner\Desktop\TIS2007GM-SMALL\Module\pccguide.exe"
950337 Feb 9 2004 "C:\Program Files\Trend Micro\TIS11_1120\Setup\program files\Trend Micro\PC-cillin\pccguide.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
303104 Apr 16 2004 "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\AdobeUpdateManager.exe"
180269 Apr 5 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Apr 5 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Feb 23 2004 "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe"
480784 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEImp.exe"
493072 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLImp.exe"
315392 Aug 18 2006 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\bak\TMAS_OEMon.exe"
86016 Dec 10 2003 "C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe"
86016 Dec 10 2003 "C:\Program Files\Intel\PROSetWireless\NCS\PROSet\bak\PRONoMgr.exe"


end of report
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm

Re: Help Remove b.whataboutdog.com

Unread postby Shaba » December 19th, 2007, 3:09 pm

Hi

Looks better :)

Double-click FindAWF.exe to start the tool.

  • Select option #3 - Remove bak folders by typing 3 and press 'Enter'
  • A text file will open up. Please copy/paste the following bolded text into the text file:

    C:\Program Files\Apoint2K\bak
    C:\Program Files\iTunes\bak
    C:\Program Files\Lexmark 4300 Series\bak
    C:\Program Files\Lexmark Fax Solutions\bak
    C:\Program Files\QuickTime\bak
    C:\WINDOWS\system32\bak
    C:\Program Files\Fujitsu\BtnHnd\bak
    C:\Program Files\Fujitsu\fjdvrupd\bak
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\bak
    C:\Program Files\Trend Micro\Internet Security 2007\bak
    C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
    C:\Program Files\Common Files\Real\Update_OB\bak
    C:\Program Files\Java\jre1.5.0_11\bin\bak
    C:\Program Files\Intel\PROSetWireless\NCS\PROSet\bak


  • Close the .txt file and click 'Yes' to save the changes.
  • When the tool has completed, a report will open up in notepad.
Please post the results of the awf.txt here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 19th, 2007, 3:20 pm

I have to admit this is fun so far........


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Wed 12/19/2007
The current time is: 13:19:07.32


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\APOINT2K\BAK

07/16/2003 07:19 AM 159,744 Apoint.exe
1 File(s) 159,744 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\BAK

08/25/2006 10:25 AM 3,112,960 pccguide.exe
1 File(s) 3,112,960 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\TMAS_OE\BAK

08/18/2006 12:06 PM 315,392 TMAS_OEMon.exe
1 File(s) 315,392 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

159744 Jul 16 2003 "C:\Program Files\Apoint2K\Apoint.exe"
159744 Jul 16 2003 "C:\Program Files\Apoint2K\bak\Apoint.exe"
3429904 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
3112960 Aug 25 2006 "C:\Program Files\Trend Micro\Internet Security 2007\bak\pccguide.exe"
3112960 Aug 25 2006 "C:\Documents and Settings\Owner\Desktop\TIS2007GM-SMALL\Module\pccguide.exe"
950337 Feb 9 2004 "C:\Program Files\Trend Micro\TIS11_1120\Setup\program files\Trend Micro\PC-cillin\pccguide.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
303104 Apr 16 2004 "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\AdobeUpdateManager.exe"
480784 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEImp.exe"
493072 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLImp.exe"
315392 Aug 18 2006 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\bak\TMAS_OEMon.exe"
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm

Re: Help Remove b.whataboutdog.com

Unread postby Shaba » December 20th, 2007, 5:07 am

Hi

Strange, it didn't delete all bak folders, we'll try again:

Double-click FindAWF.exe to start the tool.

  • Select option #3 - Remove bak folders by typing 3 and press 'Enter'
  • A text file will open up. Please copy/paste the following bolded text into the text file:

    C:\Program Files\Apoint2K\bak
    C:\Program Files\Trend Micro\Internet Security 2007\bak
    C:\Program Files\Adobe\Acrobat 7.0\Reader\bak


  • Close the .txt file and click 'Yes' to save the changes.
  • When the tool has completed, a report will open up in notepad.
Please post the results of the awf.txt here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 20th, 2007, 8:56 am

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Thu 12/20/2007
The current time is: 6:53:37.55


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\APOINT2K\BAK

07/16/2003 07:19 AM 159,744 Apoint.exe
1 File(s) 159,744 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\BAK

08/25/2006 10:25 AM 3,112,960 pccguide.exe
1 File(s) 3,112,960 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\TMAS_OE\BAK

08/18/2006 12:06 PM 315,392 TMAS_OEMon.exe
1 File(s) 315,392 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

159744 Jul 16 2003 "C:\Program Files\Apoint2K\Apoint.exe"
159744 Jul 16 2003 "C:\Program Files\Apoint2K\bak\Apoint.exe"
3429904 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
3112960 Aug 25 2006 "C:\Program Files\Trend Micro\Internet Security 2007\bak\pccguide.exe"
3112960 Aug 25 2006 "C:\Documents and Settings\Owner\Desktop\TIS2007GM-SMALL\Module\pccguide.exe"
950337 Feb 9 2004 "C:\Program Files\Trend Micro\TIS11_1120\Setup\program files\Trend Micro\PC-cillin\pccguide.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
303104 Apr 16 2004 "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\AdobeUpdateManager.exe"
480784 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEImp.exe"
493072 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLImp.exe"
315392 Aug 18 2006 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\bak\TMAS_OEMon.exe"


end of report
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm

Re: Help Remove b.whataboutdog.com

Unread postby Shaba » December 20th, 2007, 9:11 am

Hi

Ok, we remove them then manually.

Delete these folders:

C:\Program Files\Apoint2K\bak
C:\Program Files\Trend Micro\Internet Security 2007\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak

Empty Recycle Bin.

Re-run findawf with option 1

Post back awf.txt, please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 20th, 2007, 9:26 am

I was unable to delete the Trend Micro Bak file. During the attempted delete I received the following error message:

"Error Deleting File or Folder Cannot Delete pccguide.exe:Access Denied

Make sure the disk is not full or write protected and that the file is not currently in use."


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Thu 12/20/2007
The current time is: 7:21:45.22


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\BAK

08/25/2006 10:25 AM 3,112,960 pccguide.exe
1 File(s) 3,112,960 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~2\TMAS_OE\BAK

08/18/2006 12:06 PM 315,392 TMAS_OEMon.exe
1 File(s) 315,392 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

3429904 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
3112960 Aug 25 2006 "C:\Program Files\Trend Micro\Internet Security 2007\bak\pccguide.exe"
3112960 Aug 25 2006 "C:\Documents and Settings\Owner\Desktop\TIS2007GM-SMALL\Module\pccguide.exe"
950337 Feb 9 2004 "C:\Program Files\Trend Micro\TIS11_1120\Setup\program files\Trend Micro\PC-cillin\pccguide.exe"
480784 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEImp.exe"
493072 Apr 12 2007 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLImp.exe"
315392 Aug 18 2006 "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\bak\TMAS_OEMon.exe"


end of report
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm

Re: Help Remove b.whataboutdog.com

Unread postby Shaba » December 20th, 2007, 9:38 am

Hi

Ok, that can be as it contains legit backups.

Open HijackThis, click do a system scan only and checkmark these:

O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com


Close all windows including browser and press fix checked.

Reboot.

Delete if present:

C:\Program Files\SpyDefender Pro

Empty Recycle Bin.

Post back a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 20th, 2007, 9:52 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:19 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousavers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... eloadredir
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.second.org/cam/VatDec.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v16.554/qboax9.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0222620506
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c4/v14.217/qboax8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://cam5.brett-robinson.com/activex/ ... ontrol.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10107 bytes
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm

Re: Help Remove b.whataboutdog.com

Unread postby Shaba » December 20th, 2007, 10:08 am

Hi

Looks good :)

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Remove b.whataboutdog.com

Unread postby jbrownlee » December 20th, 2007, 1:34 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:02 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mousavers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... eloadredir
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.second.org/cam/VatDec.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c7/v16.554/qboax9.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0222620506
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c4/v14.217/qboax8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://cam5.brett-robinson.com/activex/ ... ontrol.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10138 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 20, 2007 11:30:50 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/12/2007
Kaspersky Anti-Virus database records: 490570
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 65098
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:06:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007122020071221\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6BF86EFD-1609-438A-877B-95C26E128E5C}\RP222\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
jbrownlee
Regular Member
 
Posts: 22
Joined: December 16th, 2007, 6:50 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 404 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware