
Need Help With A.doginhispen


  • This topic is locked
3 replies to this topic

#1 bigdwhite

bigdwhite

  • Members
  • 2 posts

Posted 25 May 2008 - 08:40 AM

Hello helpful dudes and dudettes,

I'm trying to clean a customer's laptop of a.doginhispen. I ran AWF as you have instructed others, skipping HJT. Any help would be greatly appreciated.

BigD


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Sun 05/25/2008
The current time is: 2:52:54.45


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\PDFCOM~1\BAK

02/20/2007 05:48 PM 331,552 pdfsty.exe
1 File(s) 331,552 bytes

Directory of C:\WINDOWS\CREATOR\BAK

03/09/2006 08:38 PM 806,912 Remind_XP.exe
1 File(s) 806,912 bytes

Directory of C:\WINDOWS\SMINST\BAK

12/20/2005 07:51 PM 1,187,840 Recguard.exe
10/09/2006 02:23 PM 697,976 Scheduler.exe
2 File(s) 1,885,816 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

01/24/2007 02:28 PM 124,928 AccelerometerSt.exe
08/04/2004 04:00 AM 15,360 ctfmon.exe
02/26/2007 06:34 AM 155,648 hkcmd.exe
02/26/2007 06:33 AM 131,072 igfxpers.exe
02/26/2007 06:34 AM 131,072 igfxtray.exe
5 File(s) 558,080 bytes

Directory of C:\PROGRA~1\ACRONIS\TRUEIM~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

01/05/2007 12:36 PM 872,448 smax4pnp.exe
1 File(s) 872,448 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

07/13/2006 10:12 AM 729,088 Smax4.exe
1 File(s) 729,088 bytes

Directory of C:\PROGRA~1\HEWLET~1\DEFAUL~1\BAK

05/03/2007 10:52 AM 57,344 cpqset.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPPROT~1\BAK

01/09/2007 06:52 PM 145,184 PTHOSTTR.EXE
1 File(s) 145,184 bytes

Directory of C:\PROGRA~1\INTERV~1\DVDCHE~1\BAK

05/23/2007 11:00 AM 192,512 DVDCheck.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\KASEYA\AGENT\BAK

06/04/2007 08:04 PM 192,512 KaUsrTsk.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

06/08/2007 12:47 AM 827,392 SynTPEnh.exe
1 File(s) 827,392 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

05/11/2007 03:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\COMMON~1\ACRONIS\SCHEDU~1\BAK

05/10/2007 12:02 PM 140,832 schedhlp.exe
1 File(s) 140,832 bytes

Directory of C:\PROGRA~1\COMMON~1\ADOBE\UPDATER5\BAK

03/01/2007 10:37 AM 2,321,600 AdobeUpdater.exe
1 File(s) 2,321,600 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 02:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 26 2008 "C:\Program Files\PDF Complete\pdfsty.exe"
331552 Feb 20 2007 "C:\Program Files\PDF Complete\bak\pdfsty.exe"
14348 Feb 26 2008 "C:\WINDOWS\CREATOR\Remind_XP.exe"
806912 Mar 9 2006 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
14348 Feb 26 2008 "C:\WINDOWS\SMINST\Recguard.exe"
1187840 Dec 20 2005 "C:\WINDOWS\SMINST\bak\Recguard.exe"
14348 Feb 26 2008 "C:\WINDOWS\SMINST\Scheduler.exe"
697976 Oct 9 2006 "C:\WINDOWS\SMINST\bak\Scheduler.exe"
124928 Jan 24 2007 "C:\SwSetup\HPMDP\accelerometerST.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\AccelerometerSt.exe"
124928 Jan 24 2007 "C:\WINDOWS\system32\bak\AccelerometerSt.exe"
124928 Jan 24 2007 "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\WinSys32\accelerometerST.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 Feb 26 2007 "C:\SwSetup\VID2\hkcmd.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\hkcmd.exe"
155648 Feb 26 2007 "C:\SwSetup\VID2\Graphics\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_2BCC065B4AF8D6CEF5DD7CF6C13CF22610D01116\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\hkcmd.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\igfxpers.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\igfxpers.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\Graphics\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\bak\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_2BCC065B4AF8D6CEF5DD7CF6C13CF22610D01116\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxpers.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\igfxtray.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\igfxtray.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\Graphics\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\bak\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_2BCC065B4AF8D6CEF5DD7CF6C13CF22610D01116\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxtray.exe"
872448 Jan 5 2007 "C:\SwSetup\audio\SMax4PNP.exe"
14348 Feb 26 2008 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
872448 Jan 5 2007 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
872448 Jan 5 2007 "C:\SwSetup\audio\SMAXWDM\W2K_XP\SMax4PNP.exe"
872448 Jan 5 2007 "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\smax4pnp.exe"
14348 Feb 26 2008 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
729088 Jul 13 2006 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
729088 Jul 13 2006 "C:\SwSetup\audio\SM_Panel\Sys\SMax4.exe"
14348 Feb 26 2008 "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"
57344 May 3 2007 "C:\Program Files\Hewlett-Packard\Default Settings\bak\cpqset.exe"
14348 Feb 26 2008 "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE"
145184 Jan 9 2007 "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
1117755 May 30 2007 "C:\SwSetup\WinDVD5\DVDCheck.exe"
14348 Feb 26 2008 "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
192512 May 23 2007 "C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
229376 Mar 7 2008 "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
192512 Jun 4 2007 "C:\Program Files\Kaseya\Agent\bak\KaUsrTsk.exe"
14348 Feb 26 2008 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
827392 Jun 8 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
827392 Jan 12 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
827392 Jan 12 2007 "C:\SwSetup\Touchpad\WinNT5\x86\SynTPEnh.exe"
978944 Jan 12 2007 "C:\SwSetup\Touchpad\WinWDF\x64\SynTPEnh.exe"
827392 Jan 12 2007 "C:\SwSetup\Touchpad\WinWDF\x86\SynTPEnh.exe"
827392 Jan 12 2007 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\SynTPEnh.exe"
14348 Feb 26 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
14348 Feb 26 2008 "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
140832 May 10 2007 "C:\Program Files\Common Files\Acronis\Schedule2\bak\schedhlp.exe"
140920 May 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdateCheck.exe"
45760 Mar 1 2007 "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdaterInstallMgr.exe"
2321600 Mar 1 2007 "C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe"
77824 Jul 5 2007 "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
14348 Feb 26 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"


end of report


#2 bigdwhite

bigdwhite
  • Topic Starter

  • Members
  • 2 posts

Posted 25 May 2008 - 09:53 AM

Pasted these in files.txt:

"C:\Program Files\PDF Complete\bak\pdfsty.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\SMINST\bak\Recguard.exe"
"C:\WINDOWS\SMINST\bak\Scheduler.exe"
"C:\WINDOWS\system32\bak\AccelerometerSt.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Hewlett-Packard\Default Settings\bak\cpqset.exe"
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
"C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
"C:\Program Files\Kaseya\Agent\bak\KaUsrTsk.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Acronis\Schedule2\bak\schedhlp.exe"
"C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe"


Here's the result from step 2 rescan:


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Sun 05/25/2008
The current time is: 10:09:09.48


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\PDFCOM~1\BAK

02/20/2007 05:48 PM 331,552 pdfsty.exe
1 File(s) 331,552 bytes

Directory of C:\WINDOWS\CREATOR\BAK

03/09/2006 08:38 PM 806,912 Remind_XP.exe
1 File(s) 806,912 bytes

Directory of C:\WINDOWS\SMINST\BAK

12/20/2005 07:51 PM 1,187,840 Recguard.exe
10/09/2006 02:23 PM 697,976 Scheduler.exe
2 File(s) 1,885,816 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

01/24/2007 02:28 PM 124,928 AccelerometerSt.exe
08/04/2004 04:00 AM 15,360 ctfmon.exe
02/26/2007 06:34 AM 155,648 hkcmd.exe
02/26/2007 06:33 AM 131,072 igfxpers.exe
02/26/2007 06:34 AM 131,072 igfxtray.exe
5 File(s) 558,080 bytes

Directory of C:\PROGRA~1\ACRONIS\TRUEIM~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

01/05/2007 12:36 PM 872,448 smax4pnp.exe
1 File(s) 872,448 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

07/13/2006 10:12 AM 729,088 Smax4.exe
1 File(s) 729,088 bytes

Directory of C:\PROGRA~1\HEWLET~1\DEFAUL~1\BAK

05/03/2007 10:52 AM 57,344 cpqset.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPPROT~1\BAK

01/09/2007 06:52 PM 145,184 PTHOSTTR.EXE
1 File(s) 145,184 bytes

Directory of C:\PROGRA~1\INTERV~1\DVDCHE~1\BAK

05/23/2007 11:00 AM 192,512 DVDCheck.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\KASEYA\AGENT\BAK

06/04/2007 08:04 PM 192,512 KaUsrTsk.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

06/08/2007 12:47 AM 827,392 SynTPEnh.exe
1 File(s) 827,392 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

05/11/2007 03:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\COMMON~1\ACRONIS\SCHEDU~1\BAK

05/10/2007 12:02 PM 140,832 schedhlp.exe
1 File(s) 140,832 bytes

Directory of C:\PROGRA~1\COMMON~1\ADOBE\UPDATER5\BAK

03/01/2007 10:37 AM 2,321,600 AdobeUpdater.exe
1 File(s) 2,321,600 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 02:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

331552 Feb 20 2007 "C:\Program Files\PDF Complete\pdfsty.exe"
331552 Feb 20 2007 "C:\Program Files\PDF Complete\bak\pdfsty.exe"
806912 Mar 9 2006 "C:\WINDOWS\CREATOR\Remind_XP.exe"
806912 Mar 9 2006 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
1187840 Dec 20 2005 "C:\WINDOWS\SMINST\Recguard.exe"
1187840 Dec 20 2005 "C:\WINDOWS\SMINST\bak\Recguard.exe"
697976 Oct 9 2006 "C:\WINDOWS\SMINST\Scheduler.exe"
697976 Oct 9 2006 "C:\WINDOWS\SMINST\bak\Scheduler.exe"
124928 Jan 24 2007 "C:\SwSetup\HPMDP\accelerometerST.exe"
124928 Jan 24 2007 "C:\WINDOWS\system32\AccelerometerSt.exe"
124928 Jan 24 2007 "C:\WINDOWS\system32\bak\AccelerometerSt.exe"
124928 Jan 24 2007 "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\WinSys32\accelerometerST.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 Feb 26 2007 "C:\SwSetup\VID2\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\hkcmd.exe"
155648 Feb 26 2007 "C:\SwSetup\VID2\Graphics\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_2BCC065B4AF8D6CEF5DD7CF6C13CF22610D01116\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\hkcmd.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\igfxpers.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\Graphics\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\bak\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_2BCC065B4AF8D6CEF5DD7CF6C13CF22610D01116\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxpers.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxpers.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\igfxtray.exe"
131072 Feb 26 2007 "C:\SwSetup\VID2\Graphics\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\bak\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\DRVSTORE\igxp32_2BCC065B4AF8D6CEF5DD7CF6C13CF22610D01116\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe"
131072 Feb 26 2007 "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxtray.exe"
872448 Jan 5 2007 "C:\SwSetup\audio\SMax4PNP.exe"
872448 Jan 5 2007 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
872448 Jan 5 2007 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
872448 Jan 5 2007 "C:\SwSetup\audio\SMAXWDM\W2K_XP\SMax4PNP.exe"
872448 Jan 5 2007 "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\smax4pnp.exe"
729088 Jul 13 2006 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
729088 Jul 13 2006 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
729088 Jul 13 2006 "C:\SwSetup\audio\SM_Panel\Sys\SMax4.exe"
57344 May 3 2007 "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"
57344 May 3 2007 "C:\Program Files\Hewlett-Packard\Default Settings\bak\cpqset.exe"
145184 Jan 9 2007 "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE"
145184 Jan 9 2007 "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
1117755 May 30 2007 "C:\SwSetup\WinDVD5\DVDCheck.exe"
192512 May 23 2007 "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
192512 May 23 2007 "C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
192512 Jun 4 2007 "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
192512 Jun 4 2007 "C:\Program Files\Kaseya\Agent\bak\KaUsrTsk.exe"
827392 Jun 8 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
827392 Jun 8 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
827392 Jan 12 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
827392 Jan 12 2007 "C:\SwSetup\Touchpad\WinNT5\x86\SynTPEnh.exe"
978944 Jan 12 2007 "C:\SwSetup\Touchpad\WinWDF\x64\SynTPEnh.exe"
827392 Jan 12 2007 "C:\SwSetup\Touchpad\WinWDF\x86\SynTPEnh.exe"
827392 Jan 12 2007 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\SynTPEnh.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
140832 May 10 2007 "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
140832 May 10 2007 "C:\Program Files\Common Files\Acronis\Schedule2\bak\schedhlp.exe"
140920 May 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdateCheck.exe"
45760 Mar 1 2007 "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdaterInstallMgr.exe"
2321600 Mar 1 2007 "C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe"
77824 Jul 5 2007 "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
14348 Feb 26 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"


end of report
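
An added example, not part of the original thread and not FindAWF's own code: a small Python parser for the "Duplicate files of bak directory contents" section that pairs each bak copy with the live file one directory up and labels it, so the difference between the two reports above (live copies at 14348 bytes in the first, equal to their backups in the second) can be checked mechanically. The sample lines are copied from the first report; the status names and the `min_cluster` threshold are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the first FindAWF report in this thread.
SAMPLE = r'''
14348 Feb 26 2008 "C:\WINDOWS\SMINST\Recguard.exe"
1187840 Dec 20 2005 "C:\WINDOWS\SMINST\bak\Recguard.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\hkcmd.exe"
155648 Feb 26 2007 "C:\WINDOWS\system32\bak\hkcmd.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
229376 Mar 7 2008 "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
192512 Jun 4 2007 "C:\Program Files\Kaseya\Agent\bak\KaUsrTsk.exe"
2321600 Mar 1 2007 "C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe"
'''

# <size> <Mon> <day> <year> "<path>"
LINE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')


def parse(report):
    """Return {lowercased path: (size, date, original path)} for each entry line."""
    entries = {}
    for line in report.splitlines():
        m = LINE.match(line)
        if m:
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def classify(report, min_cluster=2):
    """Label every ...\\bak\\<file> entry by comparing it with the live copy."""
    entries = parse(report)
    pairs = []
    for key, (bak_size, _, bak_path) in entries.items():
        folder, name = ntpath.split(key)
        if ntpath.basename(folder) != "bak":
            continue  # not a backup copy
        live = entries.get(ntpath.join(ntpath.dirname(folder), name))
        pairs.append((bak_path, bak_size, live))
    # Assumption: one size shared by several live files that all differ from
    # their backups marks a common replacement stub, not a vendor update.
    odd_sizes = Counter(lv[0] for _, b, lv in pairs if lv and lv[0] != b)
    result = {}
    for bak_path, bak_size, live in pairs:
        if live is None:
            result[bak_path] = "live-missing"
        elif live[0] == bak_size:
            result[bak_path] = "matches-backup"
        elif odd_sizes[live[0]] >= min_cluster:
            result[bak_path] = "replaced-by-stub"
        else:
            result[bak_path] = "differs"
    return result


if __name__ == "__main__":
    for path, status in classify(SAMPLE).items():
        print(f"{status:17} {path}")
```

Size alone is a weak check: a "matches-backup" result only says the byte counts agree, so a hash comparison against a known-good copy is still needed before trusting a file.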

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 30 May 2008 - 10:02 AM

Hello bigdwhite,

Welcome to Bleeping Computer :thumbsup:

Your Java is way out of date, which leaves your computer vulnerable, and those older versions are infected anyway with this AWF.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Please double-click the FindAWF icon once again.
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\PDF Complete\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\WINDOWS\system32\bak
C:\Program Files\Analog Devices\Core\bak
C:\Program Files\Analog Devices\SoundMAX\bak
C:\Program Files\Hewlett-Packard\Default Settings\bak
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\bak
C:\Program Files\InterVideo\DVD Check\bak
C:\Program Files\Kaseya\Agent\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Acronis\Schedule2\bak
C:\Program Files\Common Files\Adobe\Updater5\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 15 June 2008 - 02:54 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic