Troj_killav.nb And A.doginhispen.com


11 replies to this topic

#1 bostondg

bostondg

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 15 February 2008 - 05:53 PM

Help!

I have a.doginhispen.com and troj_killav.nb


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Fri 02/15/2008
The current time is: 17:09:34.10


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

09/07/2006 01:01 AM 32,768 V0230Mon.exe
1 File(s) 32,768 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/07/2006 05:58 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\QUICKENW\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\EARTHL~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

12/22/2003 08:38 AM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

07/26/2007 11:54 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\AWS\WEATHE~1\BAK

06/07/2005 01:58 PM 1,339,392 Weather.exe
1 File(s) 1,339,392 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MICROI~1\OPTICA~1\BAK

03/15/2007 01:15 PM 356,352 mouse32a.exe
1 File(s) 356,352 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

08/16/2001 10:41 PM 28,738 WkUFind.exe
1 File(s) 28,738 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 04:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\BAK

04/17/2005 07:31 AM 385,024 MotiveSB.exe
1 File(s) 385,024 bytes

Directory of C:\PROGRA~1\CREATIVE\CREATI~1\LIVE!C~2\BAK

09/06/2006 09:42 AM 143,360 CTLCMgr.exe
1 File(s) 143,360 bytes

Directory of C:\PROGRA~1\CREATIVE\CREATI~1\VIDEOFX\BAK

10/09/2006 01:49 PM 20,480 StartFX.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

03/08/2007 07:12 PM 67,128 LogitechDesktopMessenger.exe
1 File(s) 67,128 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/04/2004 11:46 AM 172,032 hpztsb10.exe
1 File(s) 172,032 bytes

Directory of D:\PROGRA~1\BAK

0 File(s) 0 bytes

Directory of D:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

32768 Sep 7 2006 "C:\WINDOWS\bak\V0230Mon.exe"
32768 Sep 7 2006 "C:\Live! Cam\Live! Cam Video IM Pro\V0230Mon.exe"
32768 Sep 7 2006 "C:\WINDOWS\CtDrvInstall\{76303233-30646576-0000000000000000}\V0230Mon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Jan 7 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
241664 Dec 22 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
52272 Jun 13 2007 "C:\Program Files\Google\googletoolbar3user.exe"
98304 Aug 5 2007 "C:\My Games\Family Feud™ 2\googlestubinst.exe"
3379200 Aug 5 2007 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
583696 Jan 28 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jun 13 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 26 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1339392 Jun 7 2005 "C:\Program Files\AWS\WeatherBug\bak\Weather.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
356352 Mar 15 2007 "C:\Program Files\Micro Innovations\Optical Scroll\bak\mouse32a.exe"
28738 Aug 16 2001 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
39792 Jan 11 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
385024 Apr 17 2005 "C:\Program Files\Verizon Online\SupportCenter\SmartBridge\Updates\MotiveSB.exe"
327680 May 18 2002 "C:\Program Files\Verizon Online\SupportCenter\SmartBridge\Original\MotiveSB.exe"
385024 Apr 17 2005 "C:\Program Files\Verizon Online\SupportCenter\SmartBridge\bak\MotiveSB.exe"
143360 Sep 6 2006 "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\bak\CTLCMgr.exe"
20480 Oct 9 2006 "C:\Program Files\Creative\Creative Live! Cam\VideoFX\bak\StartFX.exe"
67128 Mar 8 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
172032 Mar 4 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"


end of report

Trend Micro has quarantined the following:

"Virus Scan Logs","2008/02/15","VAIO"
"Time","Security Feature","Source Type","Virus Name","File Name","First Action","Second Action"
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\QUICKENW\QAGENT.EXE","Quarantine Fail",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZTSB10.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\MICRO INNOVATIONS\OPTICAL SCROLL\MOUSE32A.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\CREATIVE\CREATIVE LIVE! CAM\VIDEOFX\STARTFX.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\WINDOWS\V0230MON.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE","Quarantine Success",""
"12:15","File Monitor","File","TROJ_KILLAV.NB","C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2120\A0250220.RBF","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250301.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250302.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250303.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250304.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250305.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250307.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250308.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250309.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250310.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250311.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250312.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250313.EXE","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248588.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248589.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248591.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248592.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248593.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248594.EXE","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248595.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248596.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248597.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248598.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248599.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248600.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248601.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248602.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248603.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248604.exe","Quarantine Success",""
"13:21","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2099\A0248605.exe","Quarantine Success",""
"13:22","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2104\A0248798.exe","Quarantine Success",""
"13:22","Manual Scan","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2116\A0249005.exe","Quarantine Success",""
"13:45","Manual Scan","File","TROJ_KILLAV.NB","C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe","Quarantine Success",""
"13:51","Manual Scan","File","TROJ_KILLAV.NB","C:\Program Files\AWS\WeatherBug\Weather.exe","Quarantine Success",""
"13:51","Manual Scan","File","TROJ_KILLAV.NB","C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe","Quarantine Success",""
"15:46","File Monitor","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250316.exe","Quarantine Success",""
"15:46","File Monitor","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250317.exe","Quarantine Success",""
"15:46","File Monitor","File","TROJ_KILLAV.NB","C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP2121\A0250318.exe","Quarantine Success",""



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:37 AM

Posted 16 February 2008 - 12:22 AM

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow steps below:

Copy the file paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

"C:\WINDOWS\bak\V0230Mon.exe"
"C:\Live! Cam\Live! Cam Video IM Pro\V0230Mon.exe"
"C:\WINDOWS\CtDrvInstall\{76303233-30646576-0000000000000000}\V0230Mon.exe"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
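The swap described in post #2 (the legitimate file moved into a "bak" folder, a replacement left in its place) can be triaged from the report's duplicate listing. The Python below is an added example, not part of the thread and not FindAWF's own logic; the function names and status labels are assumptions made for illustration, and the sample input is excerpted from the first report in this thread.

```python
import ntpath
import re
from collections import namedtuple

# Sample input: lines excerpted from the first FindAWF report in this thread.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

32768 Sep 7 2006 "C:\WINDOWS\bak\V0230Mon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Jan 7 2006 "C:\Program Files\QuickTime\bak\qttask.exe"

end of report
'''

Entry = namedtuple("Entry", "size date path")
Finding = namedtuple("Finding", "bak_path expected_path status")

# One listing line: <size in bytes> <Mon> <day> <year> "<full path>"
LINE_RE = re.compile(r'^(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse_listing(report_text):
    """Return an Entry for every listing line; all other lines are ignored."""
    entries = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def in_bak_folder(path):
    """True when the file's immediate parent folder is named 'bak'."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "bak"


def triage(entries):
    """For each file in a bak folder, check the location it was moved from.

    Status labels (hypothetical, for this example only):
      missing       no same-named file is listed one level above the bak folder
      same-size     a file is in place and matches the backup's size
      size-differs  a file is in place but its size differs from the backup
    """
    # Windows paths are case-insensitive, so index on the normalised form.
    by_path = {ntpath.normcase(e.path): e for e in entries}
    findings = []
    for e in entries:
        if not in_bak_folder(e.path):
            continue
        parent = ntpath.dirname(ntpath.dirname(e.path))
        expected = ntpath.join(parent, ntpath.basename(e.path))
        live = by_path.get(ntpath.normcase(expected))
        if live is None:
            status = "missing"
        elif live.size == e.size:
            status = "same-size"
        else:
            status = "size-differs"
        findings.append(Finding(e.path, expected, status))
    return findings


if __name__ == "__main__":
    for f in triage(parse_listing(SAMPLE_REPORT)):
        print(f"{f.status:13} {f.bak_path} -> {f.expected_path}")
```

A "same-size" result is only a hint: compare file hashes or signatures before treating the file in place as identical to the backup.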

#3 bostondg


Posted 16 February 2008 - 08:48 AM

Thanks for your help! :thumbsup:
-----------------------------------------

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Sat 02/16/2008
The current time is: 8:10:04.52


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

09/07/2006 01:01 AM 32,768 V0230Mon.exe
1 File(s) 32,768 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/07/2006 05:58 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\QUICKENW\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\EARTHL~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

12/22/2003 08:38 AM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

07/26/2007 11:54 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\AWS\WEATHE~1\BAK

06/07/2005 01:58 PM 1,339,392 Weather.exe
1 File(s) 1,339,392 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MICROI~1\OPTICA~1\BAK

03/15/2007 01:15 PM 356,352 mouse32a.exe
1 File(s) 356,352 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

08/16/2001 10:41 PM 28,738 WkUFind.exe
1 File(s) 28,738 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 04:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\BAK

04/17/2005 07:31 AM 385,024 MotiveSB.exe
1 File(s) 385,024 bytes

Directory of C:\PROGRA~1\CREATIVE\CREATI~1\LIVE!C~2\BAK

09/06/2006 09:42 AM 143,360 CTLCMgr.exe
1 File(s) 143,360 bytes

Directory of C:\PROGRA~1\CREATIVE\CREATI~1\VIDEOFX\BAK

10/09/2006 01:49 PM 20,480 StartFX.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

03/08/2007 07:12 PM 67,128 LogitechDesktopMessenger.exe
1 File(s) 67,128 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/04/2004 11:46 AM 172,032 hpztsb10.exe
1 File(s) 172,032 bytes

Directory of D:\PROGRA~1\BAK

0 File(s) 0 bytes

Directory of D:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

32768 Sep 7 2006 "C:\WINDOWS\V0230Mon.exe"
32768 Sep 7 2006 "C:\WINDOWS\bak\V0230Mon.exe"
32768 Sep 7 2006 "C:\Live! Cam\Live! Cam Video IM Pro\V0230Mon.exe"
32768 Sep 7 2006 "C:\WINDOWS\CtDrvInstall\{76303233-30646576-0000000000000000}\V0230Mon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Jan 7 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
241664 Dec 22 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
52272 Jun 13 2007 "C:\Program Files\Google\googletoolbar3user.exe"
98304 Aug 5 2007 "C:\My Games\Family Feud™ 2\googlestubinst.exe"
3379200 Aug 5 2007 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
583696 Jan 28 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jun 13 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 26 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1339392 Jun 7 2005 "C:\Program Files\AWS\WeatherBug\bak\Weather.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
356352 Mar 15 2007 "C:\Program Files\Micro Innovations\Optical Scroll\bak\mouse32a.exe"
28738 Aug 16 2001 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
39792 Jan 11 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
385024 Apr 17 2005 "C:\Program Files\Verizon Online\SupportCenter\SmartBridge\Updates\MotiveSB.exe"
327680 May 18 2002 "C:\Program Files\Verizon Online\SupportCenter\SmartBridge\Original\MotiveSB.exe"
385024 Apr 17 2005 "C:\Program Files\Verizon Online\SupportCenter\SmartBridge\bak\MotiveSB.exe"
143360 Sep 6 2006 "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\bak\CTLCMgr.exe"
20480 Oct 9 2006 "C:\Program Files\Creative\Creative Live! Cam\VideoFX\bak\StartFX.exe"
67128 Mar 8 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
172032 Mar 4 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"


end of report

#4 boopme


Posted 16 February 2008 - 10:23 PM

Copy the paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

C:\WINDOWS\bak
C:\WINDOWS\system32\bak
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Edited by boopme, 16 February 2008 - 10:36 PM.


#5 bostondg


Posted 20 February 2008 - 08:54 PM

Sorry it took so long to reply. I thought I would get an update to my last posting.

Again Thanks for the help!!! :thumbsup:


Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Wed 02/20/2008
The current time is: 20:30:11.68


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

01/07/2006 05:58 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\QUICKENW\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\EARTHL~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

12/22/2003 08:38 AM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

07/26/2007 11:54 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\AWS\WEATHE~1\BAK

06/07/2005 01:58 PM 1,339,392 Weather.exe
1 File(s) 1,339,392 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MICROI~1\OPTICA~1\BAK

03/15/2007 01:15 PM 356,352 mouse32a.exe
1 File(s) 356,352 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

08/16/2001 10:41 PM 28,738 WkUFind.exe
1 File(s) 28,738 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 04:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\CREATIVE\CREATI~1\LIVE!C~2\BAK

09/06/2006 09:42 AM 143,360 CTLCMgr.exe
1 File(s) 143,360 bytes

Directory of C:\PROGRA~1\CREATIVE\CREATI~1\VIDEOFX\BAK

10/09/2006 01:49 PM 20,480 StartFX.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

03/08/2007 07:12 PM 67,128 LogitechDesktopMessenger.exe
1 File(s) 67,128 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/04/2004 11:46 AM 172,032 hpztsb10.exe
1 File(s) 172,032 bytes

Directory of D:\PROGRA~1\BAK

0 File(s) 0 bytes

Directory of D:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
155648 Jan 7 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
241664 Dec 22 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
52272 Jun 13 2007 "C:\Program Files\Google\googletoolbar3user.exe"
98304 Aug 5 2007 "C:\My Games\Family Feud™ 2\googlestubinst.exe"
3379200 Aug 5 2007 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
583696 Jan 28 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jun 13 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 26 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1339392 Jun 7 2005 "C:\Program Files\AWS\WeatherBug\bak\Weather.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
356352 Mar 15 2007 "C:\Program Files\Micro Innovations\Optical Scroll\bak\mouse32a.exe"
28738 Aug 16 2001 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
39792 Jan 11 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
143360 Sep 6 2006 "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\bak\CTLCMgr.exe"
20480 Oct 9 2006 "C:\Program Files\Creative\Creative Live! Cam\VideoFX\bak\StartFX.exe"
67128 Mar 8 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
172032 Mar 4 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"


end of report

#6 boopme


Posted 20 February 2008 - 11:25 PM

We need to do 3 again; it found more. There's only 1 and maybe 2 more.


Copy the paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

C:\Program Files\QuickTime\bak
C:\Program Files\HP\hpcoretech\bak
C:\Program Files\AWS\WeatherBug\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Hewlett-Packard\HP Software Update
C:\Program Files\Micro Innovations\Optical Scroll\bak
C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\bak
C:\Program Files\Creative\Creative Live! Cam\VideoFX\bak
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#7 bostondg


Posted 21 February 2008 - 05:54 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Thu 02/21/2008
The current time is: 17:49:52.78


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKENW\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\EARTHL~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of D:\PROGRA~1\BAK

0 File(s) 0 bytes

Directory of D:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"


end of report

#8 boopme


Posted 21 February 2008 - 07:20 PM

Hello, please one more Option 3, then run Option 4. Stubborn thing.
Copy the paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

C:\Program Files\Hewlett-Packard\HP Software Update\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.

EDIT: I removed option 4 as I want to be sure of what comes back.

Edited by boopme, 21 February 2008 - 07:26 PM.


#9 bostondg


Posted 21 February 2008 - 08:02 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Thu 02/21/2008
The current time is: 19:57:52.50


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKENW\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\EARTHL~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of D:\PROGRA~1\BAK

0 File(s) 0 bytes

Directory of D:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#10 boopme


Posted 21 February 2008 - 08:55 PM

Hooray, let's hope it's finally dead... Last step:

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Press 4, then press Enter.
Press 1 then Enter to continue.
When done, you will receive a message similar to this: Done! Zones have been reset
Press E then Enter to exit.

#11 bostondg


Posted 22 February 2008 - 04:57 AM

Thank you so much!

#12 boopme


Posted 22 February 2008 - 02:46 PM

You're most welcome. Now just run this to clean up the crumbs and we're done.
Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



