
Iexplore Starts Up On Startup



#1 mickeyho13


Posted 15 February 2008 - 09:32 PM

Whenever I start up my computer I go to the task manager and see an iexplore process? but a window is now open. I used some program to figure out where it went and it's some site beginning with 88.80.7.66. Help? I try to end task every time I catch it but I'm scared it might be more serious.



#2 boopme


Posted 16 February 2008 - 12:47 AM

Welcome to Bleeping Computer
Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 mickeyho13


Posted 17 February 2008 - 09:37 AM

Thanks for the reply

Directory of C:\BAK

07/01/2004 04:20 PM 212,992 Updater.exe
1 File(s) 212,992 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/24/2006 02:24 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\VERIZON\BAK

09/28/2007 01:30 PM 936,960 McciTrayApp.exe
1 File(s) 936,960 bytes

Directory of C:\PROGRA~1\WI4DF6~1\BAK

10/18/2006 09:58 PM 8,704 WMCCFG.exe
1 File(s) 8,704 bytes

Directory of C:\PROGRA~1\WINDOW~3\BAK

10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

05/05/2004 08:10 PM 339,968 atiptaxx.exe
1 File(s) 339,968 bytes

Directory of C:\PROGRA~1\ELABOR~1\VIRTUA~1\BAK

04/29/2006 08:21 AM 94,208 VCDDaemon.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

06/03/2005 06:16 AM 81,920 SsAAD.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\VERIZON\VSP\BAK

05/11/2007 03:20 PM 2,061,816 VerizonServicepoint.exe
1 File(s) 2,061,816 bytes

Directory of C:\DOCUME~1\MICHELLE\LOCALS~1\TEMP\BAK

04/10/2003 10:24 PM 495,616 UIUCU.EXE
1 File(s) 495,616 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

09/13/2003 08:36 PM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/12/2007 09:42 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~2\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Jan 30 2008 "C:\Updater.exe"
212992 Jul 1 2004 "C:\bak\Updater.exe"
132232 Nov 28 2007 "C:\Program Files\Mozilla Firefox\updater.exe"
973394 Jan 19 2008 "Z:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch\Updater.exe"
14348 Jan 30 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
14348 Jan 30 2008 "C:\Program Files\Verizon\McciTrayApp.exe"
936960 Sep 28 2007 "C:\Program Files\Verizon\bak\McciTrayApp.exe"
14348 Jan 30 2008 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe"
368128 Oct 6 2005 "C:\WINDOWS\$NtUninstallwmp11$\wmccfg.exe"
8704 Oct 18 2006 "C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
14348 Jan 30 2008 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Jan 30 2008 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 May 5 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
14348 Jan 30 2008 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe"
94208 Apr 29 2006 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
14348 Jan 30 2008 "C:\Program Files\Sony\SonicStage\SsAAD.exe"
81920 Jun 3 2005 "C:\Program Files\Sony\SonicStage\bak\SsAAD.exe"
14348 Jan 30 2008 "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe"
10153176 Jan 6 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\verizonhelpSupport.exe"
2061816 May 11 2007 "C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
14348 Jan 30 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\UIUCU.EXE"
495616 Apr 10 2003 "C:\Documents and Settings\Michelle\Local Settings\Temp\bak\UIUCU.EXE"
14348 Jan 30 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Sep 13 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Sep 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 May 9 2006 "C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
14348 Jan 30 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14348 Jan 30 2008 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

#4 boopme


Posted 17 February 2008 - 10:39 PM

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow steps below:

Copy the file paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

"C:\Updater.exe"
"C:\Program Files\QuickTime\qttask.exe"
"C:\Program Files\Verizon\McciTrayApp.exe"
"C:\Program Files\Windows Media Connect 2\WMCCFG.exe"
"C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe"
"C:\Program Files\Sony\SonicStage\SsAAD.exe"
"C:\Program Files\Verizon\VSP\VerizonServicepoint.exe"
"C:\Documents and Settings\Michelle\Local Settings\Temp\UIUCU.EXE"
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
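The swap pattern described in the post above (a rogue file left in the original location, the legitimate file moved into a "bak" subfolder) can be checked mechanically against the "Duplicate files of bak directory contents" section of an AWF.txt log. This is an added example, not part of the original thread and not FindAWF's own logic; the function names are made up for illustration, and the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "size date path")
Finding = namedtuple("Finding", "status parent bak")

# One log line looks like: 14348 Jan 30 2008 "C:\Program Files\QuickTime\qttask.exe"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')

# Sample lines copied from the log posted before the restore step.
BEFORE_RESTORE = r'''
14348 Jan 30 2008 "C:\Updater.exe"
212992 Jul 1 2004 "C:\bak\Updater.exe"
132232 Nov 28 2007 "C:\Program Files\Mozilla Firefox\updater.exe"
14348 Jan 30 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
14348 Jan 30 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
'''

# Sample lines copied from the log posted after the restore step.
AFTER_RESTORE = r'''
282624 Sep 24 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
'''


def parse_duplicates(text):
    """Turn the size/date/path lines of the duplicates section into Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            date = " ".join(m.group(2).split())
            entries.append(Entry(int(m.group(1)), date, m.group(3)))
    return entries


def check_bak_pairs(entries):
    """Pair every file inside a 'bak' folder with the same name one level up.

    status is 'replaced' when the sizes differ, 'matches' when they agree and
    'missing' when the log has no file at the original location. Equal size is
    only a triage signal; a hash comparison is the stronger check.
    """
    by_path = {ntpath.normcase(e.path): e for e in entries}
    findings = []
    for e in entries:
        folder = ntpath.dirname(e.path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a backup copy, e.g. the unrelated Firefox updater.exe
        parent_path = ntpath.join(ntpath.dirname(folder), ntpath.basename(e.path))
        parent = by_path.get(ntpath.normcase(parent_path))
        if parent is None:
            status = "missing"
        elif parent.size != e.size:
            status = "replaced"
        else:
            status = "matches"
        findings.append(Finding(status, parent, e))
    return findings


def status_by_name(findings):
    """Map each backed-up file name to its status."""
    return {ntpath.basename(f.bak.path): f.status for f in findings}


def replaced_size_histogram(findings):
    """Count the sizes of the files sitting in the original locations.

    A single size shared by every replaced file points at one dropped binary.
    """
    return Counter(f.parent.size for f in findings if f.status == "replaced")


if __name__ == "__main__":
    for label, text in (("before", BEFORE_RESTORE), ("after", AFTER_RESTORE)):
        findings = check_bak_pairs(parse_duplicates(text))
        print(label, status_by_name(findings), dict(replaced_size_histogram(findings)))
```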

#5 mickeyho13


Posted 18 February 2008 - 12:21 AM

Directory of C:\BAK

07/01/2004 04:20 PM 212,992 Updater.exe
1 File(s) 212,992 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/24/2006 02:24 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\VERIZON\BAK

09/28/2007 01:30 PM 936,960 McciTrayApp.exe
1 File(s) 936,960 bytes

Directory of C:\PROGRA~1\WI4DF6~1\BAK

10/18/2006 09:58 PM 8,704 WMCCFG.exe
1 File(s) 8,704 bytes

Directory of C:\PROGRA~1\WINDOW~3\BAK

10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

05/05/2004 08:10 PM 339,968 atiptaxx.exe
1 File(s) 339,968 bytes

Directory of C:\PROGRA~1\ELABOR~1\VIRTUA~1\BAK

04/29/2006 08:21 AM 94,208 VCDDaemon.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

06/03/2005 06:16 AM 81,920 SsAAD.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\VERIZON\VSP\BAK

05/11/2007 03:20 PM 2,061,816 VerizonServicepoint.exe
1 File(s) 2,061,816 bytes

Directory of C:\DOCUME~1\MICHELLE\LOCALS~1\TEMP\BAK

04/10/2003 10:24 PM 495,616 UIUCU.EXE
1 File(s) 495,616 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

09/13/2003 08:36 PM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/12/2007 09:42 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~2\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Jan 30 2008 "C:\Updater.exe"
212992 Jul 1 2004 "C:\bak\Updater.exe"
132232 Nov 28 2007 "C:\Program Files\Mozilla Firefox\updater.exe"
973394 Jan 19 2008 "Z:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch\Updater.exe"
14348 Jan 30 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
14348 Jan 30 2008 "C:\Program Files\Verizon\McciTrayApp.exe"
936960 Sep 28 2007 "C:\Program Files\Verizon\bak\McciTrayApp.exe"
14348 Jan 30 2008 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe"
368128 Oct 6 2005 "C:\WINDOWS\$NtUninstallwmp11$\wmccfg.exe"
8704 Oct 18 2006 "C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
14348 Jan 30 2008 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Jan 30 2008 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 May 5 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
14348 Jan 30 2008 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe"
94208 Apr 29 2006 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
14348 Jan 30 2008 "C:\Program Files\Sony\SonicStage\SsAAD.exe"
81920 Jun 3 2005 "C:\Program Files\Sony\SonicStage\bak\SsAAD.exe"
14348 Jan 30 2008 "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe"
10153176 Jan 6 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\verizonhelpSupport.exe"
2061816 May 11 2007 "C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
14348 Jan 30 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\UIUCU.EXE"
495616 Apr 10 2003 "C:\Documents and Settings\Michelle\Local Settings\Temp\bak\UIUCU.EXE"
14348 Jan 30 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Sep 13 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
14348 Jan 30 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Sep 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 May 9 2006 "C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14348 Jan 30 2008 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

#6 boopme


Posted 18 February 2008 - 05:42 PM

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\bak\Updater.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Verizon\bak\McciTrayApp.exe"
"C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
"C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
"C:\Program Files\Sony\SonicStage\bak\SsAAD.exe"
"C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#7 mickeyho13


Posted 18 February 2008 - 10:30 PM

Directory of C:\BAK

07/01/2004 04:20 PM 212,992 Updater.exe
1 File(s) 212,992 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/24/2006 02:24 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\VERIZON\BAK

09/28/2007 01:30 PM 936,960 McciTrayApp.exe
1 File(s) 936,960 bytes

Directory of C:\PROGRA~1\WI4DF6~1\BAK

10/18/2006 09:58 PM 8,704 WMCCFG.exe
1 File(s) 8,704 bytes

Directory of C:\PROGRA~1\WINDOW~3\BAK

10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

05/05/2004 08:10 PM 339,968 atiptaxx.exe
1 File(s) 339,968 bytes

Directory of C:\PROGRA~1\ELABOR~1\VIRTUA~1\BAK

04/29/2006 08:21 AM 94,208 VCDDaemon.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

06/03/2005 06:16 AM 81,920 SsAAD.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\VERIZON\VSP\BAK

05/11/2007 03:20 PM 2,061,816 VerizonServicepoint.exe
1 File(s) 2,061,816 bytes

Directory of C:\DOCUME~1\MICHELLE\LOCALS~1\TEMP\BAK

04/10/2003 10:24 PM 495,616 UIUCU.EXE
1 File(s) 495,616 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

09/13/2003 08:36 PM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/12/2007 09:42 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~2\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

212992 Jul 1 2004 "C:\Updater.exe"
212992 Jul 1 2004 "C:\bak\Updater.exe"
132232 Nov 28 2007 "C:\Program Files\Mozilla Firefox\updater.exe"
973394 Jan 19 2008 "Z:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch\Updater.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
936960 Sep 28 2007 "C:\Program Files\Verizon\McciTrayApp.exe"
936960 Sep 28 2007 "C:\Program Files\Verizon\bak\McciTrayApp.exe"
8704 Oct 18 2006 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe"
368128 Oct 6 2005 "C:\WINDOWS\$NtUninstallwmp11$\wmccfg.exe"
8704 Oct 18 2006 "C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
339968 May 5 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 May 5 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
94208 Apr 29 2006 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe"
94208 Apr 29 2006 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
81920 Jun 3 2005 "C:\Program Files\Sony\SonicStage\SsAAD.exe"
81920 Jun 3 2005 "C:\Program Files\Sony\SonicStage\bak\SsAAD.exe"
2061816 May 11 2007 "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe"
10153176 Jan 6 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\verizonhelpSupport.exe"
2061816 May 11 2007 "C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
14348 Jan 30 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\UIUCU.EXE"
495616 Apr 10 2003 "C:\Documents and Settings\Michelle\Local Settings\Temp\bak\UIUCU.EXE"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
50688 Sep 13 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Sep 13 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
185632 Sep 12 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Sep 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 May 9 2006 "C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"

#8 quietman7


Posted 19 February 2008 - 08:03 AM

mickeyho13, could you please copy and paste the entire contents of the awf.txt log? You left off the header information, which tells us if the option ran successfully, followed by date and time.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#9 mickeyho13


Posted 19 February 2008 - 03:01 PM

Sorry. Here it is last time hopefully.


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Tue 02/19/2008
The current time is: 14:44:15.07


bak folders found
~~~~~~~~~~~


Directory of C:\BAK

07/01/2004 04:20 PM 212,992 Updater.exe
1 File(s) 212,992 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/24/2006 02:24 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\VERIZON\BAK

09/28/2007 01:30 PM 936,960 McciTrayApp.exe
1 File(s) 936,960 bytes

Directory of C:\PROGRA~1\WI4DF6~1\BAK

10/18/2006 09:58 PM 8,704 WMCCFG.exe
1 File(s) 8,704 bytes

Directory of C:\PROGRA~1\WINDOW~3\BAK

10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

05/05/2004 08:10 PM 339,968 atiptaxx.exe
1 File(s) 339,968 bytes

Directory of C:\PROGRA~1\ELABOR~1\VIRTUA~1\BAK

04/29/2006 08:21 AM 94,208 VCDDaemon.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

06/03/2005 06:16 AM 81,920 SsAAD.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\VERIZON\VSP\BAK

05/11/2007 03:20 PM 2,061,816 VerizonServicepoint.exe
1 File(s) 2,061,816 bytes

Directory of C:\DOCUME~1\MICHELLE\LOCALS~1\TEMP\BAK

04/10/2003 10:24 PM 495,616 UIUCU.EXE
1 File(s) 495,616 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 06:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

09/13/2003 08:36 PM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/12/2007 09:42 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~2\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

212992 Jul 1 2004 "C:\Updater.exe"
212992 Jul 1 2004 "C:\bak\Updater.exe"
132232 Nov 28 2007 "C:\Program Files\Mozilla Firefox\updater.exe"
973394 Jan 19 2008 "Z:\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch\Updater.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 24 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
936960 Sep 28 2007 "C:\Program Files\Verizon\McciTrayApp.exe"
936960 Sep 28 2007 "C:\Program Files\Verizon\bak\McciTrayApp.exe"
8704 Oct 18 2006 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe"
368128 Oct 6 2005 "C:\WINDOWS\$NtUninstallwmp11$\wmccfg.exe"
8704 Oct 18 2006 "C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
339968 May 5 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 May 5 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
94208 Apr 29 2006 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe"
94208 Apr 29 2006 "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
81920 Jun 3 2005 "C:\Program Files\Sony\SonicStage\SsAAD.exe"
81920 Jun 3 2005 "C:\Program Files\Sony\SonicStage\bak\SsAAD.exe"
2061816 May 11 2007 "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe"
10153176 Jan 6 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\verizonhelpSupport.exe"
2061816 May 11 2007 "C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
22470744 Feb 19 2008 "C:\Documents and Settings\Michelle\Application Data\Verizon\VSP\downloads\Verizon-PC-Security-Checkup-2.5.0-Setup.41.exe.dir\Verizon-PC-Security-Checkup-2.5.0-Setup.exe"
14348 Jan 30 2008 "C:\Documents and Settings\Michelle\Local Settings\Temp\UIUCU.EXE"
495616 Apr 10 2003 "C:\Documents and Settings\Michelle\Local Settings\Temp\bak\UIUCU.EXE"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
50688 Sep 13 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Sep 13 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
185632 Sep 12 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Sep 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 May 9 2006 "C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report

#10 boopme


Posted 19 February 2008 - 08:06 PM

Hello again, hopefully one more step after this.
Copy the paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

C:\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Verizon\bak
C:\Program Files\Windows Media Player\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\bak
C:\Program Files\Sony\SonicStage\bak
C:\Program Files\Verizon\VSP\bak
C:\Documents and Settings\Michelle\Local Settings\Temp\bak
C:\Program Files\Windows Media Connect 2\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#11 mickeyho13


Posted 20 February 2008 - 02:50 PM

:thumbsup: Yay?
Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Wed 02/20/2008
The current time is: 14:38:55.78


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#12 boopme


Posted 20 February 2008 - 03:35 PM

Option 4 will clean all entries from the domain zones.

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Press 4, then press Enter.
Press 1 then Enter to continue.
When done, you will receive a message similar to this: Done! Zones have been reset
Press E then Enter to exit.

Also
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Now, please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

You have done well !!



