
88.80.7.66, A.doginhispen, B.skitodayplease



#1 lmgcpa

lmgcpa

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 14 February 2008 - 08:54 AM

Please assist me in removing these; 88.80.7.66, a.doginhispen and b.skitodayplease. I have already downloaded findAWF. Thank you.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,942 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:56 AM

Posted 14 February 2008 - 11:05 AM

  • Double-click on FindAWF.exe to start.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT
  • Press 1 then 'Enter' to scan for bak folders
  • The FindAWF tool will begin scanning your computer for the infected AWF files and backups created by the trojan.
  • It may take a few minutes to complete so be patient.
  • When complete, it will open a text file in notepad called awf.txt which will be saved to your desktop.
  • Copy and paste the contents of the awf.txt file in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 lmgcpa


Posted 14 February 2008 - 11:58 AM

Thank you for responding.


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Thu 02/14/2008
The current time is: 11:53:49.29


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

10/04/2007 10:20 AM 50,528 aim6.exe
1 File(s) 50,528 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 10:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

11/02/2007 06:36 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/19/2007 08:16 PM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 05:00 AM 15,360 ctfmon.exe
10/14/2005 08:46 PM 77,824 hkcmd.exe
10/14/2005 08:50 PM 114,688 igfxpers.exe
10/14/2005 08:49 PM 94,208 igfxtray.exe
08/15/2002 05:26 AM 886,272 LXSUPMON.EXE
5 File(s) 1,188,352 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 04:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

04/06/2006 02:58 PM 1,032,192 quickset.exe
1 File(s) 1,032,192 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/04/2007 01:33 AM 582,992 mcagent.exe
1 File(s) 582,992 bytes

Directory of C:\PROGRA~1\SCANSOFT\PAPERP~1\BAK

01/09/2004 12:02 PM 40,960 IndexSearch.exe
01/09/2004 11:47 AM 57,393 pptd40nt.exe
2 File(s) 98,353 bytes

Directory of C:\PROGRA~1\SITEAD~1\6253\BAK

03/30/2007 10:42 AM 36,904 SiteAdv.exe
1 File(s) 36,904 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 06:48 PM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\PROGRA~1\TEXTBR~1.0\BIN\BAK

06/19/2000 08:51 AM 31,744 INSTAN~1.EXE
06/19/2000 08:56 AM 22,528 REGIST~1.EXE
2 File(s) 54,272 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

10/30/2004 02:59 PM 385,024 ifrmewrk.exe
1 File(s) 385,024 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

11/09/2006 03:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\DOCUME~1\ALLUSE~1\APPLIC~1\DELL\TRANSF~1\BAK

11/13/2007 04:46 PM 135,168 TransferAgent.exe
1 File(s) 135,168 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50528 Oct 4 2007 "C:\Program Files\AIM6\bak\aim6.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
267048 Nov 2 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 6 2007 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"
116008 Nov 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
116024 Jul 7 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7382VDF2\iTunesSetupAdmin[1].exe"
116024 Aug 11 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RTB1M6JD\iTunesSetupAdmin[1].exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Oct 14 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Oct 14 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Oct 14 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Oct 14 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Oct 14 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Oct 14 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
886272 Aug 15 2002 "C:\WINDOWS\system32\bak\LXSUPMON.EXE"
886272 Aug 15 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LXSUPMON.EXE"
886272 Aug 15 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_z451ac3\LXSUPMON.EXE"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1032192 Apr 6 2006 "C:\Program Files\Dell\QuickSet\bak\quickset.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
582992 Aug 4 2007 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
40960 Jan 9 2004 "C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe"
57393 Jan 9 2004 "C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe"
36904 Mar 30 2007 "C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
31744 Jun 19 2000 "C:\Program Files\TextBridge Pro 9.0\Bin\bak\INSTAN~1.EXE"
22528 Jun 19 2000 "C:\Program Files\TextBridge Pro 9.0\Bin\bak\REGIST~1.EXE"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Jan 11 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
385024 Oct 30 2004 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
135168 Nov 13 2007 "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak\TransferAgent.exe"
327437 Jan 24 2008 "C:\Documents and Settings\Laurence M. Growney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\CIP\TransferAgentSetup.exe"


end of report

#4 quietman7


Posted 14 February 2008 - 12:46 PM

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\Program Files\AIM6\bak\aim6.exe"
"C:\Program Files\DellSupport\bak\DSAgnt.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\WINDOWS\system32\bak\LXSUPMON.EXE"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Dell\QuickSet\bak\quickset.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe"
"C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe"
"C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\TextBridge Pro 9.0\Bin\bak\INSTAN~1.EXE"
"C:\Program Files\TextBridge Pro 9.0\Bin\bak\REGIST~1.EXE"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
"C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
"C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak\TransferAgent.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#5 lmgcpa


Posted 14 February 2008 - 01:32 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Thu 02/14/2008
The current time is: 13:30:25.95


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

10/04/2007 10:20 AM 50,528 aim6.exe
1 File(s) 50,528 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 10:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

11/02/2007 06:36 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/19/2007 08:16 PM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 05:00 AM 15,360 ctfmon.exe
10/14/2005 08:46 PM 77,824 hkcmd.exe
10/14/2005 08:50 PM 114,688 igfxpers.exe
10/14/2005 08:49 PM 94,208 igfxtray.exe
08/15/2002 05:26 AM 886,272 LXSUPMON.EXE
5 File(s) 1,188,352 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 04:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

04/06/2006 02:58 PM 1,032,192 quickset.exe
1 File(s) 1,032,192 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/04/2007 01:33 AM 582,992 mcagent.exe
1 File(s) 582,992 bytes

Directory of C:\PROGRA~1\SCANSOFT\PAPERP~1\BAK

01/09/2004 12:02 PM 40,960 IndexSearch.exe
01/09/2004 11:47 AM 57,393 pptd40nt.exe
2 File(s) 98,353 bytes

Directory of C:\PROGRA~1\SITEAD~1\6253\BAK

03/30/2007 10:42 AM 36,904 SiteAdv.exe
1 File(s) 36,904 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 06:48 PM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\PROGRA~1\TEXTBR~1.0\BIN\BAK

06/19/2000 08:51 AM 31,744 INSTAN~1.EXE
06/19/2000 08:56 AM 22,528 REGIST~1.EXE
2 File(s) 54,272 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

10/30/2004 02:59 PM 385,024 ifrmewrk.exe
1 File(s) 385,024 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

11/09/2006 03:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\DOCUME~1\ALLUSE~1\APPLIC~1\DELL\TRANSF~1\BAK

11/13/2007 04:46 PM 135,168 TransferAgent.exe
1 File(s) 135,168 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Oct 4 2007 "C:\Program Files\AIM6\aim6.exe"
50528 Oct 4 2007 "C:\Program Files\AIM6\bak\aim6.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
267048 Nov 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Nov 2 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 6 2007 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"
116008 Nov 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
116024 Jul 7 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7382VDF2\iTunesSetupAdmin[1].exe"
116024 Aug 11 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RTB1M6JD\iTunesSetupAdmin[1].exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Oct 14 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Oct 14 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Oct 14 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Oct 14 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Oct 14 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Oct 14 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Oct 14 2005 "C:\WINDOWS\system32\igfxtray.exe"
94208 Oct 14 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Oct 14 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
886272 Aug 15 2002 "C:\WINDOWS\system32\LXSUPMON.EXE"
886272 Aug 15 2002 "C:\WINDOWS\system32\bak\LXSUPMON.EXE"
886272 Aug 15 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LXSUPMON.EXE"
886272 Aug 15 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_z451ac3\LXSUPMON.EXE"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1032192 Apr 6 2006 "C:\Program Files\Dell\QuickSet\quickset.exe"
1032192 Apr 6 2006 "C:\Program Files\Dell\QuickSet\bak\quickset.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
582992 Aug 4 2007 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
40960 Jan 9 2004 "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
40960 Jan 9 2004 "C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe"
57393 Jan 9 2004 "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
57393 Jan 9 2004 "C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe"
36904 Mar 30 2007 "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
36904 Mar 30 2007 "C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
31744 Jun 19 2000 "C:\Program Files\TextBridge Pro 9.0\Bin\INSTAN~1.EXE"
31744 Jun 19 2000 "C:\Program Files\TextBridge Pro 9.0\Bin\bak\INSTAN~1.EXE"
22528 Jun 19 2000 "C:\Program Files\TextBridge Pro 9.0\Bin\REGIST~1.EXE"
22528 Jun 19 2000 "C:\Program Files\TextBridge Pro 9.0\Bin\bak\REGIST~1.EXE"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
385024 Oct 30 2004 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
385024 Oct 30 2004 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
135168 Nov 13 2007 "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
135168 Nov 13 2007 "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak\TransferAgent.exe"
327437 Jan 24 2008 "C:\Documents and Settings\Laurence M. Growney\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\CIP\TransferAgentSetup.exe"


end of report
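
As an added example (not part of the thread and not FindAWF's own code), the following Python parses the "Duplicate files of bak directory contents" section of an awf.txt report and, for each file in a bak folder, says whether the report lists a same-named file in the parent folder with the same size and date. The function names and status labels are assumptions made for illustration, and the sample lines are copied from the two reports posted above; equal size and date is a consistency check, not proof that the contents are identical.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# One entry of the section: <size> <Mon> <day> <year> "<full path>"
ENTRY = re.compile(r'^(\d+)\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{4})\s+"(.+)"$')
SECTION = "Duplicate files of bak directory contents"


def parse_duplicates(report):
    """Return [(size, date, path)] from the duplicate-files section."""
    entries, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(SECTION):
            in_section = True
        elif line == "end of report":
            break
        elif in_section:
            m = ENTRY.match(line)
            if m:
                size, mon, day, year, path = m.groups()
                entries.append((int(size), f"{mon} {int(day)} {year}", path))
    return entries


def check_restore(report):
    """Map each bak-folder file to the state of its parent-folder file.

    Status labels (hypothetical, chosen for this example):
      match             - parent listed with the same size and date
      differs           - parent listed, but size or date is different
      parent-not-listed - the report has no entry for the parent path
    """
    entries = parse_duplicates(report)
    # Windows paths are case-insensitive, so compare on normcase().
    listed = {ntpath.normcase(p): (s, d) for s, d, p in entries}
    status = {}
    for size, date, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a backup copy; only used as a lookup target
        parent = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        seen = listed.get(ntpath.normcase(parent))
        if seen is None:
            status[path] = "parent-not-listed"
        elif seen == (size, date):
            status[path] = "match"
        else:
            status[path] = "differs"
    return status


def unresolved(report):
    """bak files whose parent copy is absent from the report or differs."""
    return [p for p, s in check_restore(report).items() if s != "match"]


# Lines copied from the first report in this thread (before option 2).
BEFORE = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50528 Oct 4 2007 "C:\Program Files\AIM6\bak\aim6.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
39792 Jan 11 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"

end of report
'''

# The same files in the report posted after option 2 had been run.
AFTER = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Oct 4 2007 "C:\Program Files\AIM6\aim6.exe"
50528 Oct 4 2007 "C:\Program Files\AIM6\bak\aim6.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"

end of report
'''

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for path, state in check_restore(text).items():
            print(f"  {state:18} {path}")
```
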

#6 quietman7


Posted 14 February 2008 - 02:45 PM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\Program Files\AIM6\bak
C:\Program Files\DellSupport\bak
C:\Program Files\iTunes\bak
C:\Program Files\Messenger\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell\QuickSet\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\ScanSoft\PaperPort\bak
C:\Program Files\ScanSoft\PaperPort\bak
C:\Program Files\SiteAdvisor\6253\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\TextBridge Pro 9.0\Bin\bak
C:\WINDOWS\system32\dla\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak\
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Intel\Wireless\Bin\bak\
C:\Program Files\Java\jre1.5.0_10\bin\bak
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#7 lmgcpa


Posted 14 February 2008 - 04:56 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Thu 02/14/2008
The current time is: 16:55:16.25


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 06:48 PM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

10/30/2004 02:59 PM 385,024 ifrmewrk.exe
1 File(s) 385,024 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
385024 Oct 30 2004 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
385024 Oct 30 2004 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"


end of report

#8 quietman7


Posted 14 February 2008 - 06:49 PM

Open Windows Explorer, navigate to and delete the following bak folders:
C:\Program Files\Synaptics\SynTP\bak <- this folder
C:\Program Files\Adobe\Reader 8.0\Reader\bak <- this folder
C:\Program Files\Intel\Wireless\Bin\bak <- this folder

Then double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 4 then 'Enter' to reset domain zones.
  • You will receive a warning to reset domain zones.
  • Press 1 then 'Enter'.
  • When done, you will receive a message: "Done! Zones have been reset".
  • After resetting the domain zones, the program will return to the main menu.
  • Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


#9 lmgcpa


Posted 14 February 2008 - 08:31 PM

I am unable to delete the folder:

C:\Program Files\Synaptics\SynTP\bak

access denied

#10 lmgcpa


Posted 14 February 2008 - 08:34 PM

The file within the folder that is denied is SynTPEnk.exe

#11 quietman7


Posted 14 February 2008 - 10:51 PM

OK, let's try using the fix tool again instead.

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#12 lmgcpa


Posted 15 February 2008 - 03:33 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Fri 02/15/2008
The current time is: 15:31:57.93


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 06:48 PM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"


end of report

#13 quietman7


Posted 16 February 2008 - 08:31 AM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\Program Files\Synaptics\SynTP\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#14 lmgcpa


Posted 16 February 2008 - 09:21 AM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Sat 02/16/2008
The current time is: 9:18:36.82


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#15 quietman7


Posted 16 February 2008 - 09:27 AM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 4 then 'Enter' to reset domain zones.
  • You will receive a warning to reset domain zones.
  • Press 1 then 'Enter'.
  • When done, you will receive a message: "Done! Zones have been reset".
  • After resetting the domain zones, the program will return to the main menu.
  • Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".