Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A.doginhispen Trojan Problem


  • Please log in to reply
17 replies to this topic

#1 kmsteph

kmsteph

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 25 February 2008 - 08:35 PM

I have the trojan a.doginhispen on my computer. Can someone help me through the steps to remove this Trojan? Thanks!!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:44 AM

Posted 25 February 2008 - 10:41 PM

Hello and welcome, let's start here.

Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Edited by boopme, 25 February 2008 - 10:42 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 kmsteph

kmsteph
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 25 February 2008 - 11:04 PM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Mon 02/25/2008
The current time is: 23:01:21.02


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 04:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\APOINT\BAK

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\DISC\BAK

06/01/2006 07:55 PM 1,077,248 DISCover.exe
1 File(s) 1,077,248 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NAPSTER\BAK

06/29/2006 04:17 PM 319,488 napster.exe
1 File(s) 319,488 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/25/2006 06:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 03:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/05/2006 01:21 PM 77,824 hkcmd.exe
04/05/2006 01:21 PM 118,784 igfxpers.exe
04/05/2006 01:21 PM 94,208 igfxtray.exe
3 File(s) 290,816 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/23/2007 08:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

03/21/2006 01:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK

02/20/2004 04:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOCA~1\BAK

12/27/2005 03:58 PM 69,632 VCUServe.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK

06/27/2006 08:24 PM 217,088 SPMgr.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

10/11/2005 11:36 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\WIRELE~1\BAK

02/14/2006 02:11 PM 176,128 Switcher.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMPAT~1\BIN\BAK

06/10/2003 09:32 AM 143,360 confsvr.exe
1 File(s) 143,360 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/19/2003 11:08 PM 28,672 PartSeal.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/30/2003 12:14 AM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 04:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117470~1\EE\BAK

11/03/2004 04:03 PM 125,528 AOLHostManager.exe
1 File(s) 125,528 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
14348 Jan 28 2008 "C:\Program Files\Apoint\Apoint.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
118784 Nov 17 2004 "C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
14348 Jan 28 2008 "C:\Program Files\DISC\DISCover.exe"
1077248 Jun 1 2006 "C:\Program Files\DISC\bak\DISCover.exe"
14348 Jan 28 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 29 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
14348 Jan 28 2008 "C:\Program Files\Napster\napster.exe"
319488 Jun 29 2006 "C:\Program Files\Napster\bak\napster.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\hkcmd.exe"
77824 Apr 5 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\igfxpers.exe"
118784 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxpers.exe"
118784 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\igfxtray.exe"
94208 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxtray.exe"
94208 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
14348 Jan 28 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
14348 Jan 28 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Mar 23 2007 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
14348 Jan 28 2008 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
151552 Oct 11 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
14348 Jan 28 2008 "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
143360 Jun 10 2003 "C:\Program Files\Sympatico Starter Kit\bin\bak\confsvr.exe"
14348 Jan 28 2008 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
28672 Apr 19 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
14348 Jan 28 2008 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
125528 Nov 3 2004 "C:\Program Files\Common Files\AOL\1174700237\EE\bak\AOLHostManager.exe"


end of report

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:44 AM

Posted 25 February 2008 - 11:44 PM

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow steps below:

Copy the file paths in quote below to the clipboard, highlight all of them right-click and choose copy, or highlight them and press Ctrl+C:

118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
118784 Nov 17 2004 "C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
118784 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxpers.exe"
118784 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
14348 Jan 28 2008 "C:\Program Files\Apoint\Apoint.exe"
14348 Jan 28 2008 "C:\Program Files\DISC\DISCover.exe"
14348 Jan 28 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
14348 Jan 28 2008 "C:\Program Files\Napster\napster.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Jan 28 2008 "C:\WINDOWS\ehome\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\hkcmd.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\igfxpers.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\igfxtray.exe"
14348 Jan 28 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
14348 Jan 28 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
14348 Jan 28 2008 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
14348 Jan 28 2008 "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
14348 Jan 28 2008 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
14348 Jan 28 2008 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
77824 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\hkcmd.exe"
77824 Apr 5 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
94208 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxtray.exe"
94208 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive prompt to save the changes, click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 kmsteph

kmsteph
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 26 February 2008 - 12:02 AM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Mon 02/25/2008
The current time is: 23:58:30.45


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 04:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\APOINT\BAK

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\DISC\BAK

06/01/2006 07:55 PM 1,077,248 DISCover.exe
1 File(s) 1,077,248 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NAPSTER\BAK

06/29/2006 04:17 PM 319,488 napster.exe
1 File(s) 319,488 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/25/2006 06:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 03:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/05/2006 01:21 PM 77,824 hkcmd.exe
04/05/2006 01:21 PM 118,784 igfxpers.exe
04/05/2006 01:21 PM 94,208 igfxtray.exe
3 File(s) 290,816 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/23/2007 08:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

03/21/2006 01:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK

02/20/2004 04:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOCA~1\BAK

12/27/2005 03:58 PM 69,632 VCUServe.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK

06/27/2006 08:24 PM 217,088 SPMgr.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

10/11/2005 11:36 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\WIRELE~1\BAK

02/14/2006 02:11 PM 176,128 Switcher.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMPAT~1\BIN\BAK

06/10/2003 09:32 AM 143,360 confsvr.exe
1 File(s) 143,360 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/19/2003 11:08 PM 28,672 PartSeal.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/30/2003 12:14 AM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 04:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117470~1\EE\BAK

11/03/2004 04:03 PM 125,528 AOLHostManager.exe
1 File(s) 125,528 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
14348 Jan 28 2008 "C:\Program Files\Apoint\Apoint.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
118784 Nov 17 2004 "C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
14348 Jan 28 2008 "C:\Program Files\DISC\DISCover.exe"
1077248 Jun 1 2006 "C:\Program Files\DISC\bak\DISCover.exe"
14348 Jan 28 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 29 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
14348 Jan 28 2008 "C:\Program Files\Napster\napster.exe"
319488 Jun 29 2006 "C:\Program Files\Napster\bak\napster.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\hkcmd.exe"
77824 Apr 5 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\igfxpers.exe"
118784 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxpers.exe"
118784 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
14348 Jan 28 2008 "C:\WINDOWS\system32\igfxtray.exe"
94208 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxtray.exe"
94208 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
14348 Jan 28 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
14348 Jan 28 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Mar 23 2007 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
14348 Jan 28 2008 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
151552 Oct 11 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
14348 Jan 28 2008 "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
143360 Jun 10 2003 "C:\Program Files\Sympatico Starter Kit\bin\bak\confsvr.exe"
14348 Jan 28 2008 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
28672 Apr 19 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
14348 Jan 28 2008 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
125528 Nov 3 2004 "C:\Program Files\Common Files\AOL\1174700237\EE\bak\AOLHostManager.exe"


end of report

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:44 AM

Posted 26 February 2008 - 12:10 AM

I'm very sorry ..we need to do step 2 again. I'm very tired and didn't remove the beginnings. I wanted to get you started before I signed off. Please do 2 again with this. I'll be getting some rest now.

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow steps below:

Copy the file paths in quote below to the clipboard, highlight all of them right-click and choose copy, or highlight them and press Ctrl+C:

"C:\Program Files\Apoint\bak\Apoint.exe"
"C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
"C:\WINDOWS\Drivers\Intel 945G Display\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\Program Files\Apoint\Apoint.exe"
"C:\Program Files\DISC\DISCover.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Napster\napster.exe"
"C:\Program Files\QuickTime\qttask.exe"
"C:\Program Files\QuickTime\qttask.exe"
"C:\WINDOWS\ehome\ehtray.exe"
"C:\WINDOWS\system32\hkcmd.exe"
"C:\WINDOWS\system32\igfxpers.exe"
"C:\WINDOWS\system32\igfxtray.exe"
"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
"C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
"C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
"C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
"C:\WINDOWS\Drivers\Intel 945G Display\hkcmd.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\Drivers\Intel 945G Display\igfxtray.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive prompt to save the changes, click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 kmsteph

kmsteph
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 26 February 2008 - 12:19 AM

No worries. :thumbsup: Thanks for all your help!! Here are the results of step 2 after the second time::




Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Tue 02/26/2008
The current time is: 0:15:17.60


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 04:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\APOINT\BAK

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\DISC\BAK

06/01/2006 07:55 PM 1,077,248 DISCover.exe
1 File(s) 1,077,248 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NAPSTER\BAK

06/29/2006 04:17 PM 319,488 napster.exe
1 File(s) 319,488 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/25/2006 06:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 03:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/05/2006 01:21 PM 77,824 hkcmd.exe
04/05/2006 01:21 PM 118,784 igfxpers.exe
04/05/2006 01:21 PM 94,208 igfxtray.exe
3 File(s) 290,816 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/23/2007 08:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

03/21/2006 01:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK

02/20/2004 04:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOCA~1\BAK

12/27/2005 03:58 PM 69,632 VCUServe.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK

06/27/2006 08:24 PM 217,088 SPMgr.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

10/11/2005 11:36 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\WIRELE~1\BAK

02/14/2006 02:11 PM 176,128 Switcher.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMPAT~1\BIN\BAK

06/10/2003 09:32 AM 143,360 confsvr.exe
1 File(s) 143,360 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/19/2003 11:08 PM 28,672 PartSeal.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/30/2003 12:14 AM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 04:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117470~1\EE\BAK

11/03/2004 04:03 PM 125,528 AOLHostManager.exe
1 File(s) 125,528 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\Apoint.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
118784 Nov 17 2004 "C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
14348 Jan 28 2008 "C:\Program Files\DISC\DISCover.exe"
1077248 Jun 1 2006 "C:\Program Files\DISC\bak\DISCover.exe"
14348 Jan 28 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 29 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
14348 Jan 28 2008 "C:\Program Files\Napster\napster.exe"
319488 Jun 29 2006 "C:\Program Files\Napster\bak\napster.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
77824 Apr 5 2006 "C:\WINDOWS\system32\hkcmd.exe"
77824 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\hkcmd.exe"
77824 Apr 5 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Apr 5 2006 "C:\WINDOWS\system32\igfxpers.exe"
118784 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxpers.exe"
118784 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Apr 5 2006 "C:\WINDOWS\system32\igfxtray.exe"
94208 Apr 5 2006 "C:\WINDOWS\Drivers\Intel 945G Display\igfxtray.exe"
94208 Apr 5 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
14348 Jan 28 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
14348 Jan 28 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Mar 23 2007 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
14348 Jan 28 2008 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
151552 Oct 11 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
14348 Jan 28 2008 "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
143360 Jun 10 2003 "C:\Program Files\Sympatico Starter Kit\bin\bak\confsvr.exe"
14348 Jan 28 2008 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
28672 Apr 19 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
14348 Jan 28 2008 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
125528 Nov 3 2004 "C:\Program Files\Common Files\AOL\1174700237\EE\bak\AOLHostManager.exe"


end of report

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:44 AM

Posted 26 February 2008 - 12:59 PM

Copy the paths in quote below to the clipboard, highlight all of them right-click and choose copy, or highlight them and press Ctrl+C:

C:\WINDOWS\system32\bak
C:\Program Files\QuickTime\bak
C:\Program Files\HP\hpcoretech\bak
C:\Program Files\AWS\WeatherBug\bak
C:\Program Files\Hewlett-Packard\HP Software Update\bak
C:\Program Files\Micro Innovations\Optical Scroll\bak
C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\bak
C:\Program Files\Creative\Creative Live! Cam\VideoFX\bak
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive prompt to save the changes, click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 kmsteph

kmsteph
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 26 February 2008 - 03:14 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Tue 02/26/2008
The current time is: 15:09:19.96


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 04:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\APOINT\BAK

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\DISC\BAK

06/01/2006 07:55 PM 1,077,248 DISCover.exe
1 File(s) 1,077,248 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NAPSTER\BAK

06/29/2006 04:17 PM 319,488 napster.exe
1 File(s) 319,488 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 03:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/23/2007 08:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

03/21/2006 01:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK

02/20/2004 04:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOCA~1\BAK

12/27/2005 03:58 PM 69,632 VCUServe.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK

06/27/2006 08:24 PM 217,088 SPMgr.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

10/11/2005 11:36 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\WIRELE~1\BAK

02/14/2006 02:11 PM 176,128 Switcher.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMPAT~1\BIN\BAK

06/10/2003 09:32 AM 143,360 confsvr.exe
1 File(s) 143,360 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/19/2003 11:08 PM 28,672 PartSeal.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/30/2003 12:14 AM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 04:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117470~1\EE\BAK

11/03/2004 04:03 PM 125,528 AOLHostManager.exe
1 File(s) 125,528 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\Apoint.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
118784 Nov 17 2004 "C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
14348 Jan 28 2008 "C:\Program Files\DISC\DISCover.exe"
1077248 Jun 1 2006 "C:\Program Files\DISC\bak\DISCover.exe"
14348 Jan 28 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 29 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
14348 Jan 28 2008 "C:\Program Files\Napster\napster.exe"
319488 Jun 29 2006 "C:\Program Files\Napster\bak\napster.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
14348 Jan 28 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
14348 Jan 28 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Mar 23 2007 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
14348 Jan 28 2008 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
151552 Oct 11 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
14348 Jan 28 2008 "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
143360 Jun 10 2003 "C:\Program Files\Sympatico Starter Kit\bin\bak\confsvr.exe"
14348 Jan 28 2008 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
28672 Apr 19 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
14348 Jan 28 2008 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
125528 Nov 3 2004 "C:\Program Files\Common Files\AOL\1174700237\EE\bak\AOLHostManager.exe"


end of report

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,726 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:44 AM

Posted 26 February 2008 - 03:53 PM

Hello kmsteph

Something is not right here. Your option 3 log indicates it ran successfully but all the files are still present. While we are dealing with persistent malware, I have not encountered this issue before when using the fix tool. Therefore, I need you to restart from step 1.
  • Double-click on FindAWF.exe to start.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
    • 1. Press 1 then Enter to scan for bak folders
      2. Press 2 then Enter to restore files from bak folders
      3. Press 3 then Enter to remove bak folders
      4. Press 4 then Enter to reset domain zones
      5. Press E then Enter to EXIT
  • Press 1 then 'Enter' to scan for bak folders
  • The FindAWF tool will begin scanning your computer for the infected AWF files and backups created by the trojan.
  • It may take a few minutes to complete so be patient.
  • When complete, it will open a text file in notepad called awf.txt which will be saved to your desktop.
  • Copy and paste the contents of the awf.txt file in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 kmsteph

kmsteph
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 27 February 2008 - 10:54 PM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Wed 02/27/2008
The current time is: 22:49:38.14


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 04:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\APOINT\BAK

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\DISC\BAK

06/01/2006 07:55 PM 1,077,248 DISCover.exe
1 File(s) 1,077,248 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NAPSTER\BAK

06/29/2006 04:17 PM 319,488 napster.exe
1 File(s) 319,488 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 03:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/23/2007 08:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

03/21/2006 01:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK

02/20/2004 04:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOCA~1\BAK

12/27/2005 03:58 PM 69,632 VCUServe.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK

06/27/2006 08:24 PM 217,088 SPMgr.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

10/11/2005 11:36 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\WIRELE~1\BAK

02/14/2006 02:11 PM 176,128 Switcher.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMPAT~1\BIN\BAK

06/10/2003 09:32 AM 143,360 confsvr.exe
1 File(s) 143,360 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/19/2003 11:08 PM 28,672 PartSeal.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/30/2003 12:14 AM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 04:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117470~1\EE\BAK

11/03/2004 04:03 PM 125,528 AOLHostManager.exe
1 File(s) 125,528 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\Apoint.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
118784 Nov 17 2004 "C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
14348 Jan 28 2008 "C:\Program Files\DISC\DISCover.exe"
1077248 Jun 1 2006 "C:\Program Files\DISC\bak\DISCover.exe"
14348 Jan 28 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 29 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
14348 Jan 28 2008 "C:\Program Files\Napster\napster.exe"
319488 Jun 29 2006 "C:\Program Files\Napster\bak\napster.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 28 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
14348 Jan 28 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
14348 Jan 28 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Mar 23 2007 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
14348 Jan 28 2008 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
151552 Oct 11 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
14348 Jan 28 2008 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
14348 Jan 28 2008 "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
143360 Jun 10 2003 "C:\Program Files\Sympatico Starter Kit\bin\bak\confsvr.exe"
14348 Jan 28 2008 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
28672 Apr 19 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
14348 Jan 28 2008 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
125528 Nov 3 2004 "C:\Program Files\Common Files\AOL\1174700237\EE\bak\AOLHostManager.exe"


end of report

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,726 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:44 AM

Posted 28 February 2008 - 08:18 AM

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\Program Files\AIM6\bak\aim6.exe"
"C:\Program Files\Apoint\bak\Apoint.exe"
"C:\Program Files\DISC\bak\DISCover.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Napster\bak\napster.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
"C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
"C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
"C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
"C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
"C:\Program Files\Sympatico Starter Kit\bin\bak\confsvr.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
"C:\Program Files\Common Files\AOL\1174700237\EE\bak\AOLHostManager.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 kmsteph

kmsteph
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 28 February 2008 - 02:01 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Thu 02/28/2008
The current time is: 13:57:30.96


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 04:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\APOINT\BAK

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\PROGRA~1\DISC\BAK

06/01/2006 07:55 PM 1,077,248 DISCover.exe
1 File(s) 1,077,248 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NAPSTER\BAK

06/29/2006 04:17 PM 319,488 napster.exe
1 File(s) 319,488 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/28/2008 11:03 PM 14,348 qttask.exe
1 File(s) 14,348 bytes

Directory of C:\PROGRA~1\SPYBOT~1\BAK

08/31/2007 04:46 PM 1,460,560 TeaTimer.exe
1 File(s) 1,460,560 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 03:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK

03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/03/2007 10:33 PM 582,992 mcagent.exe
1 File(s) 582,992 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/23/2007 08:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

03/21/2006 01:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\ISBUTI~1\BAK

02/20/2004 04:12 PM 32,768 ISBMgr.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\SONY\VAIOCA~1\BAK

12/27/2005 03:58 PM 69,632 VCUServe.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\SONY\VAIOPO~1\BAK

06/27/2006 08:24 PM 217,088 SPMgr.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

10/11/2005 11:36 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\WIRELE~1\BAK

02/14/2006 02:11 PM 176,128 Switcher.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMPAT~1\BIN\BAK

06/10/2003 09:32 AM 143,360 confsvr.exe
1 File(s) 143,360 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/19/2003 11:08 PM 28,672 PartSeal.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/30/2003 12:14 AM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 04:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117470~1\EE\BAK

11/03/2004 04:03 PM 125,528 AOLHostManager.exe
1 File(s) 125,528 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50736 Apr 27 2007 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\Apoint.exe"
118784 Nov 17 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
118784 Nov 17 2004 "C:\WINDOWS\Drivers\Touchpad\Apoint.exe"
1077248 Jun 1 2006 "C:\Program Files\DISC\DISCover.exe"
1077248 Jun 1 2006 "C:\Program Files\DISC\bak\DISCover.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 29 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
319488 Jun 29 2006 "C:\Program Files\Napster\napster.exe"
319488 Jun 29 2006 "C:\Program Files\Napster\bak\napster.exe"
14348 Feb 27 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
14348 Feb 27 2008 "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
1460560 Aug 31 2007 "C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
14348 Feb 27 2008 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
26112 Mar 23 2007 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Mar 23 2007 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
32768 Feb 20 2004 "C:\Program Files\Sony\ISB Utility\bak\ISBMgr.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
69632 Dec 27 2005 "C:\Program Files\Sony\VAIO Camera Utility\bak\VCUServe.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
217088 Jun 27 2006 "C:\Program Files\Sony\VAIO Power Management\bak\SPMgr.exe"
151552 Oct 11 2005 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
151552 Oct 11 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
176128 Feb 14 2006 "C:\Program Files\Sony\Wireless Switch Setting Utility\bak\Switcher.exe"
143360 Jun 10 2003 "C:\Program Files\Sympatico Starter Kit\bin\confsvr.exe"
143360 Jun 10 2003 "C:\Program Files\Sympatico Starter Kit\bin\bak\confsvr.exe"
28672 Apr 19 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
28672 Apr 19 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
14384 Sep 25 2006 "C:\Program Files\AIM6\AOLHostManager.exe"
125528 Nov 3 2004 "C:\Program Files\Common Files\AOL\1174700237\EE\AOLHostManager.exe"
125528 Nov 3 2004 "C:\Program Files\Common Files\AOL\1174700237\EE\bak\AOLHostManager.exe"


end of report

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,726 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:44 AM

Posted 28 February 2008 - 02:06 PM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\Program Files\AIM6\bak
C:\Program Files\Apoint\bak
C:\Program Files\DISC\bak
C:\Program Files\iTunes\bak
C:\Program Files\Napster\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Spybot - Search & Destroy\bak
C:\WINDOWS\ehome\bak
C:\Program Files\Canon\MyPrinter\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\ScanSoft\OmniPageSE4.0\bak
C:\Program Files\Sony\ISB Utility\bak
C:\Program Files\Sony\VAIO Camera Utility\bak
C:\Program Files\Sony\VAIO Power Management\bak
C:\Program Files\Sony\VAIO Update 2\bak
C:\Program Files\Sony\Wireless Switch Setting Utility\bak
C:\Program Files\Sympatico Starter Kit\bin\bak
C:\WINDOWS\SONYSYS\VAIO Recovery\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
C:\Program Files\Java\jre1.5.0_07\bin\bak
C:\Program Files\Common Files\AOL\1174700237\EE\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 kmsteph

kmsteph
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 28 February 2008 - 02:11 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Thu 02/28/2008
The current time is: 14:10:46.10


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\SPYBOT~1\BAK

08/31/2007 04:46 PM 1,460,560 TeaTimer.exe
1 File(s) 1,460,560 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/30/2003 12:14 AM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 27 2008 "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
1460560 Aug 31 2007 "C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 30 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"


end of report




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users