
Variant of systemdoctor 2006?

Discussion in 'Malware and Virus Removal Archive' started by jkg31485, 2006/11/03.

  1. 2006/11/13
    jkg31485

    Here's the awf file. I had to copy one of the files manually after I ran the fix because of a typo in the backup file location. Also I uploaded the bad files to noahdfear.


    Find AWF report by noahdfear ©2006


    21504 byte files found
    ~~~~~~~~~~~~~



    21504 byte files sorted with strings
    ~~~~~~~~~~~~~~~~~~~~~



    25600 byte files found
    ~~~~~~~~~~~~~



    25600 byte files sorted with strings
    ~~~~~~~~~~~~~~~~~~~~~



    26450 byte files found
    ~~~~~~~~~~~~~



    26450 byte files sorted with strings
    ~~~~~~~~~~~~~~~~~~~~~



    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\ITUNES\BAK

    06/14/2006 03:24 PM 278,528 iTunesHelper.exe
    1 File(s) 278,528 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    08/27/2006 08:45 PM 282,624 qttask.exe
    1 File(s) 282,624 bytes

    Directory of C:\PROGRA~1\SYMNET~1\BAK

    04/29/2005 07:05 AM 100,056 SNDMon.exe
    1 File(s) 100,056 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/03/2004 11:56 PM 15,360 ctfmon.exe
    07/17/2002 07:18 AM 28,672 DSentry.exe
    2 File(s) 44,032 bytes

    Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

    06/10/2004 06:10 PM 339,968 atiptaxx.exe
    1 File(s) 339,968 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    07/01/2005 11:11 AM 71,280 ccApp.exe
    1 File(s) 71,280 bytes

    Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

    03/04/2004 05:59 PM 487,424 quickset.exe
    1 File(s) 487,424 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

    02/16/2005 10:11 PM 49,152 HPWuSchd2.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HEWLET~1\TOOLBOX\BAK

    05/20/2004 08:40 AM 188,416 hpbpsttp.exe
    1 File(s) 188,416 bytes

    Directory of C:\PROGRA~1\MI948F~1\MOUSE\BAK

    04/11/2002 10:47 AM 176,128 point32.exe
    1 File(s) 176,128 bytes

    Directory of C:\PROGRA~1\NORTON~1\PASSWO~1\BAK

    08/18/2004 12:41 PM 586,896 AcctMgr.exe
    1 File(s) 586,896 bytes

    Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

    01/31/2006 05:49 PM 180,269 realsched.exe
    1 File(s) 180,269 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPDESK~1\TOOLBOX\BAK

    01/17/2005 04:49 PM 335,872 HPWQTBX.exe
    1 File(s) 335,872 bytes

    Directory of C:\PROGRA~1\HEWLET~1\TOOLBOX\STATUS~1\BAK

    02/27/2004 09:29 AM 61,440 StatusClient.exe
    1 File(s) 61,440 bytes

    Directory of C:\PROGRA~1\INTEL\NCS\PROSET\BAK

    05/28/2003 02:32 PM 86,016 PRONoMgr.exe
    1 File(s) 86,016 bytes

    Directory of C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK

    11/10/2005 01:03 PM 36,975 jusched.exe
    1 File(s) 36,975 bytes


    12/17/2002 09:28 AM 684,032 DirectCD.exe
    1 File(s) 684,032 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    278528 Jun 14 2006 "C:\Program Files\iTunes\iTunesHelper.exe "
    278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe "
    282624 Aug 27 2006 "C:\Program Files\QuickTime\qttask.exe "
    282624 Aug 27 2006 "C:\Program Files\QuickTime\bak\qttask.exe "
    100056 Apr 29 2005 "C:\Program Files\SymNetDrv\SNDMon.exe "
    100056 Apr 29 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe "
    15360 Aug 3 2004 "C:\windows\system32\ctfmon.exe "
    15360 Aug 3 2004 "C:\windows\system32\bak\ctfmon.exe "
    28672 Jul 17 2002 "C:\windows\system32\DSentry.exe "
    28672 Jul 17 2002 "C:\windows\system32\bak\DSentry.exe "
    339968 Jun 10 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    339968 Jun 10 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe "
    71328 Dec 21 2005 "C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE "
    71280 Jul 1 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe "
    487424 Mar 4 2004 "C:\Program Files\Dell\QuickSet\quickset.exe "
    487424 Mar 4 2004 "C:\Program Files\Dell\QuickSet\bak\quickset.exe "
    49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
    49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe "
    188416 May 20 2004 "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe "
    40960 Jul 17 2003 "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe "
    188416 May 20 2004 "C:\Program Files\Hewlett-Packard\Toolbox\bak\hpbpsttp.exe "
    176128 Apr 11 2002 "C:\Program Files\Microsoft Hardware\Mouse\point32.exe "
    176128 Apr 11 2002 "C:\Program Files\Microsoft Hardware\Mouse\bak\point32.exe "
    586896 Jul 29 2005 "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe "
    586896 Aug 18 2004 "C:\Program Files\Norton SystemWorks\Password Manager\bak\AcctMgr.exe "
    180269 Jan 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe "
    180269 Jan 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe "
    335872 Jan 17 2005 "C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "
    335872 Jan 17 2005 "C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\bak\HPWQTBX.exe "
    61440 Feb 27 2004 "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe "
    61440 Feb 27 2004 "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\bak\StatusClient.exe "
    40960 Jul 17 2003 "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe "
    86016 May 28 2003 "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe "
    86016 May 28 2003 "C:\Program Files\Intel\NCS\PROSet\bak\PRONoMgr.exe "
    32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe "
    36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe "
    36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe "
    36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe "
    684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe "


    end of report
     
