Trojan Infections / Spyware



#1 bigpun34

Posted 25 February 2008 - 08:35 PM

I recently picked these up on my machine and have been unable to remove them. Can someone please help me out with a viable option for removal?

Edit: Moved topic to the more appropriate forum. ~ Animal


#2 boopme

Posted 25 February 2008 - 10:44 PM

Welcome to BC, let's begin here...

Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 bigpun34

Posted 26 February 2008 - 01:21 AM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Tue 02/26/2008
The current time is: 1:15:00.75


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\MI558C~1\BAK

06/03/2004 03:51 AM 172,032 type32.exe
1 File(s) 172,032 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

06/03/2004 03:50 AM 204,800 point32.exe
1 File(s) 204,800 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/31/2008 11:13 PM 385,024 qttask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
06/20/2002 02:06 PM 339,968 hphmon04.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
3 File(s) 510,976 bytes

Directory of C:\PROGRA~1\AHEAD\INCD\BAK

07/16/2004 07:50 AM 1,409,136 InCD.exe
1 File(s) 1,409,136 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

04/17/2002 10:42 AM 69,632 hpgs2wnd.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\MICROS~2\SYSTEM\BAK

06/18/2003 02:00 PM 200,704 mnyexpr.exe
1 File(s) 200,704 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

08/19/2004 08:36 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 03:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\HPPHOT~1\HPHINS~1\UNIPATCH\BAK

05/24/2002 07:47 AM 49,152 hphupd04.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

03/26/2007 06:07 AM 228,088 RoxWatchTray9.exe
1 File(s) 228,088 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

05/24/2002 07:46 AM 188,416 hpztsb05.exe
1 File(s) 188,416 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 4 2008 "C:\Program Files\iTunes\iTunesHelper.exe1111469764"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Feb 16 2008 "C:\WINDOWS\Installer\{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\Owner\Local Settings\Temp\IXP357.TMP\iTunesSetupAdmin.exe"
79144 Feb 4 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
14348 Feb 24 2008 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
172032 Jun 3 2004 "C:\Program Files\Microsoft IntelliType Pro\bak\type32.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft IntelliPoint\point32.exe"
204800 Jun 3 2004 "C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
14348 Feb 24 2008 "C:\Program Files\QuickTime\qttask.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Feb 24 2008 "C:\WINDOWS\system32\hphmon04.exe"
339968 Jun 20 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"
14348 Feb 24 2008 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
14348 Feb 24 2008 "C:\Program Files\Ahead\InCD\InCD.exe"
1409136 Jul 16 2004 "C:\Program Files\Ahead\InCD\bak\InCD.exe"
14348 Feb 24 2008 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
200704 Jun 18 2003 "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe"
14348 Feb 24 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Aug 19 2004 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
14348 Feb 24 2008 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
14348 Feb 24 2008 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
49152 May 24 2002 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\bak\hphupd04.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14348 Feb 24 2008 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
166648 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
14348 Feb 24 2008 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
188416 May 24 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"


end of report

#4 boopme

Posted 26 February 2008 - 12:30 PM

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow steps below:

Copy the file paths in the quote below to the clipboard (highlight all of them, then right-click and choose Copy, or highlight them and press Ctrl+C):

"C:\Program Files\Messenger\msmsgs.exe"
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"
"C:\Program Files\Microsoft IntelliPoint\point32.exe"
"C:\Program Files\QuickTime\qttask.exe"
"C:\WINDOWS\system32\hphmon04.exe"
"C:\WINDOWS\system32\NeroCheck.exe"
"C:\Program Files\Ahead\InCD\InCD.exe"
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
"C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#5 bigpun34

Posted 26 February 2008 - 03:28 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Tue 02/26/2008
The current time is: 15:01:38.71


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\MI558C~1\BAK

06/03/2004 03:51 AM 172,032 type32.exe
1 File(s) 172,032 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

06/03/2004 03:50 AM 204,800 point32.exe
1 File(s) 204,800 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/31/2008 11:13 PM 385,024 qttask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
06/20/2002 02:06 PM 339,968 hphmon04.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
3 File(s) 510,976 bytes

Directory of C:\PROGRA~1\AHEAD\INCD\BAK

07/16/2004 07:50 AM 1,409,136 InCD.exe
1 File(s) 1,409,136 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

04/17/2002 10:42 AM 69,632 hpgs2wnd.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\MICROS~2\SYSTEM\BAK

06/18/2003 02:00 PM 200,704 mnyexpr.exe
1 File(s) 200,704 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

08/19/2004 08:36 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 03:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\HPPHOT~1\HPHINS~1\UNIPATCH\BAK

05/24/2002 07:47 AM 49,152 hphupd04.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 10:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

03/26/2007 06:07 AM 228,088 RoxWatchTray9.exe
1 File(s) 228,088 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

05/24/2002 07:46 AM 188,416 hpztsb05.exe
1 File(s) 188,416 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 4 2008 "C:\Program Files\iTunes\iTunesHelper.exe1111469764"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Feb 16 2008 "C:\WINDOWS\Installer\{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\Owner\Local Settings\Temp\IXP357.TMP\iTunesSetupAdmin.exe"
79144 Feb 4 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
172032 Jun 3 2004 "C:\Program Files\Microsoft IntelliType Pro\bak\type32.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft IntelliPoint\point32.exe"
204800 Jun 3 2004 "C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
14348 Feb 24 2008 "C:\Program Files\QuickTime\qttask.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Feb 24 2008 "C:\WINDOWS\system32\hphmon04.exe"
339968 Jun 20 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"
14348 Feb 24 2008 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
14348 Feb 24 2008 "C:\Program Files\Ahead\InCD\InCD.exe"
1409136 Jul 16 2004 "C:\Program Files\Ahead\InCD\bak\InCD.exe"
14348 Feb 24 2008 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
200704 Jun 18 2003 "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe"
14348 Feb 24 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Aug 19 2004 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
14348 Feb 24 2008 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
14348 Feb 24 2008 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
49152 May 24 2002 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\bak\hphupd04.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14348 Feb 24 2008 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
166648 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
14348 Feb 24 2008 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
188416 May 24 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"


end of report
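
Added example (not part of the original thread, and not FindAWF's own code): the pattern described in post #4, a legitimate executable moved into a "bak" folder and a small file left at the original path, can be checked mechanically against the "Duplicate files" section of a report. The function names, status labels and the `min_cluster` threshold are assumptions made for this sketch; the sample lines are copied from the first report in this thread.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the "Duplicate files" section of the first report in this thread.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 4 2008 "C:\Program Files\iTunes\iTunesHelper.exe1111469764"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
14348 Feb 24 2008 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
172032 Jun 3 2004 "C:\Program Files\Microsoft IntelliType Pro\bak\type32.exe"
14348 Feb 24 2008 "C:\Program Files\QuickTime\qttask.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
'''

# One report entry: <size in bytes> <Mon D YYYY> "<full path>"
ENTRY_RE = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse_entries(report):
    """Return {lowercased path: (size, date, path)} for every listed file."""
    entries = {}
    for line in report.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            size, date, path = match.groups()
            entries[path.lower()] = (int(size), " ".join(date.split()), path)
    return entries


def triage(report, min_cluster=3):
    """Compare each bak copy with the file now sitting at its original path.

    Statuses (labels invented for this example):
      no-live-copy-listed   - the report lists nothing at the original path
      same-size-as-bak      - sizes agree (size only; not proof the file is clean)
      size-mismatch         - the live file differs in size from the bak copy
      suspected-replacement - mismatch, and at least min_cluster unrelated
                              programs share the same live size and date
    """
    entries = parse_entries(report)
    findings, mismatched = {}, {}
    for size, _date, path in entries.values():
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # only bak copies drive the comparison
        # Original location: the parent of the bak folder, same file name.
        live = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        hit = entries.get(live.lower())  # Windows paths are case-insensitive
        if hit is None:
            findings[live] = "no-live-copy-listed"
        elif hit[0] == size:
            findings[live] = "same-size-as-bak"
        else:
            findings[live] = "size-mismatch"
            mismatched[live] = (hit[0], hit[1])
    # Unrelated vendors' executables with one identical size and date
    # is the signature visible in this thread's reports.
    clusters = Counter(mismatched.values())
    for live, signature in mismatched.items():
        if clusters[signature] >= min_cluster:
            findings[live] = "suspected-replacement"
    return findings


if __name__ == "__main__":
    for live_path, status in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{status:22} {live_path}")
```

Run against a later report, the same function shows which paths have moved from suspected-replacement to same-size-as-bak, which is the change to look for between removal passes.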

#6 boopme

Posted 26 February 2008 - 09:16 PM

Copy the paths in the quote below to the clipboard (highlight all of them, then right-click and choose Copy, or highlight them and press Ctrl+C):

C:\Program Files\Microsoft IntelliPoint\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\Program Files\Ahead\InCD\bak
C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak
C:\Program Files\Microsoft Money\System\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#7 bigpun34

Posted 26 February 2008 - 09:38 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Tue 02/26/2008
The current time is: 21:21:00.23


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\MI558C~1\BAK

06/03/2004 03:51 AM 172,032 type32.exe
1 File(s) 172,032 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

06/20/2002 02:06 PM 339,968 hphmon04.exe
1 File(s) 339,968 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 4 2008 "C:\Program Files\iTunes\iTunesHelper.exe1111469764"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Feb 16 2008 "C:\WINDOWS\Installer\{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\Owner\Local Settings\Temp\IXP357.TMP\iTunesSetupAdmin.exe"
79144 Feb 4 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
14348 Feb 24 2008 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
172032 Jun 3 2004 "C:\Program Files\Microsoft IntelliType Pro\bak\type32.exe"
14348 Feb 24 2008 "C:\WINDOWS\system32\hphmon04.exe"
339968 Jun 20 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"


end of report

#8 boopme

Posted 27 February 2008 - 10:41 AM

Man, there appears to be some real stubbornness here. Run 3 again with these.
Copy the paths in the quote below to the clipboard (highlight all of them, then right-click and choose Copy, or highlight them and press Ctrl+C):

C:\Program Files\iTunes\bak
C:\Program Files\Messenger\bak
C:\Program Files\Microsoft IntelliType Pro\bak
C:\WINDOWS\system32\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#9 bigpun34

Posted 27 February 2008 - 07:43 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Wed 02/27/2008
The current time is: 19:40:46.60


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

06/20/2002 02:06 PM 339,968 hphmon04.exe
1 File(s) 339,968 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 24 2008 "C:\WINDOWS\system32\hphmon04.exe"
339968 Jun 20 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"


end of report

#10 boopme

Posted 27 February 2008 - 09:20 PM

Run #3 once more, this one is stubborn. If this doesn't go we can do it manually.

C:\WINDOWS\system32\bak



#11 bigpun34

Posted 27 February 2008 - 11:57 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Wed 02/27/2008
The current time is: 23:54:38.76


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

06/20/2002 02:06 PM 339,968 hphmon04.exe
1 File(s) 339,968 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 24 2008 "C:\WINDOWS\system32\hphmon04.exe"
339968 Jun 20 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"

#12 boopme

Posted 28 February 2008 - 09:08 PM

Sorry for the delay, my ISP went down today. This should be the end.

Open Windows Explorer, navigate to and delete the following bak folder(s):

C:\WINDOWS\system32\bak <- this folder

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Press 4, then press Enter.
Press 1 then Enter to continue.
When done, you will receive a message similar to this: Done! Zones have been reset
Press E then Enter to exit.


Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Edited by boopme, 28 February 2008 - 09:10 PM.


#13 bigpun34

Posted 28 February 2008 - 11:50 PM

a.doginhispen.com

I still have this popping up in my history, the other 2 are gone but this one is still there. Have I thanked you yet for all the help? Thanks! Seems like we are almost home, but this one is still a little stubborn

#14 boopme

Posted 29 February 2008 - 11:07 AM

You're welcome. I think it is just a stubborn infection. I am thinking let's go through this once more and see if it clears before we need to go HiJackThis.

Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#15 bigpun34

Posted 29 February 2008 - 03:48 PM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Fri 02/29/2008
The current time is: 15:45:00.48


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

06/20/2002 02:06 PM 339,968 hphmon04.exe
1 File(s) 339,968 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 24 2008 "C:\WINDOWS\system32\hphmon04.exe"
339968 Jun 20 2002 "C:\WINDOWS\system32\bak\hphmon04.exe"


end of report



