Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


I keep getting pop ups and I think I am getting re infected


Post by patty s » October 18th, 2007, 9:32 am

askey127, Thank you so much, I will highly recommend the forum, :D and will continue to browse it !
Signing off...patty s
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

Still having history entries/HJT entry *.whataboutadog.com

Post by patty s » October 20th, 2007, 1:40 pm

I am still getting the *.whataboutadog.com entry in history. It shows up every day even after I delete it through HJT. It's gone on the re-scan but then shows up again. I have installed the following as per instructions and configured them as instructed. Find AWF, AVG 7.5, AVG AntiSpyware, SpywareBlaster, Hosts Manager (Biss/BlueTack) and WinPatrol. SpyBot had been installed previously and I wasn't told to get rid of it. I'd appreciate any more help you can give me. Also it seems to be running slower, because of all the installed programs?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21, on 2007-10-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe
C:\Program Files\NetZero DSL\ConnectionCenter.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\reveal.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.netzero.net/search?action ... search_dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.netzero.net/search?action ... search_dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: NetZero DSL - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe" /tray
O4 - HKLM\..\Run: [NetZeroDSL] "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.whataboutadog.com
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4853 bytes
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

Post by askey127 » October 20th, 2007, 2:59 pm

patty s,
Start up FindAWF one more time
Choose option 4.

Then reboot when it's done and tell me if the item disappears.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Find AWF seemed to work

Post by patty s » October 20th, 2007, 9:47 pm

askey127,
Yes running the Find AWF seemed to work. The test will be when I log on tomorrow, since it seemed to go away before and returned. I will check it then through history and HJT.
Thank you again.
patty s
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

can't get rid of stuff!!

Post by patty s » October 21st, 2007, 7:12 am

Askey127,
OK, this morning the *whataboutadog.com was in history again. When I checked to see "pages visited at" there were 2 entries, both numerical. Sorry I didn't think to jot them down. Also of course it was present in the HJT scan so I again deleted it.
Also when I went into the "regedit" to see if anything looked different there were of course many entries new to me, probably due to the installation of the new anti-malware programs, but the fulltiltpoker was there. I deleted it again. Please advise....
patty s
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

Post by askey127 » October 21st, 2007, 8:02 am

patty s,
Sorry, I see what the problem was-my error. We'll get them this time.
Please run FindAWF again, choose option 1, and post the AWF.txt file contents.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

AWF.txt 10.21.07

Post by patty s » October 21st, 2007, 6:28 pm

askey127,
Not a big deal, I realize you are swamped and it must be difficult to keep track of so many systems. Here's the latest AWF.
Thank you,
patty s

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 2007-10-21
The current time is: 18:20:38.23


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NETZERO\BAK

2007-03-06 20:00 1,629,184 exec.exe
1 File(s) 1,629,184 bytes

Directory of C:\PROGRA~1\NETZER~1\BAK

2007-05-14 12:18 1,050,360 ConnectionCenter.exe
1 File(s) 1,050,360 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

2007-10-03 19:56 27,664 Smax4.exe
2004-10-14 09:11 1,388,544 SMax4PNP.exe
2 File(s) 1,416,208 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

2007-06-08 10:59 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK\BAK

2004-09-23 12:41 860,160 Smax4.exe
1 File(s) 860,160 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\BAK

2004-11-02 19:59 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

2007-07-12 04:00 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

2001-08-23 08:00 145,408 MSConfig.exe
1 File(s) 145,408 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

24080 Aug 28 2007 "C:\Program Files\NetZero\exec.exe"
1629184 Mar 6 2007 "C:\Program Files\NetZero\bak\exec.exe"
1095152 Sep 17 2007 "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
1050360 May 14 2007 "C:\Program Files\NetZero DSL\bak\ConnectionCenter.exe"
1126320 Oct 11 2007 "C:\Documents and Settings\All Users\Application Data\NetZero DSL\Downloads\ConnectionCenter_.exe"
24080 Aug 28 2007 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
27664 Oct 3 2007 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
27664 Oct 3 2007 "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
24080 Aug 28 2007 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
27664 Oct 3 2007 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
27664 Oct 3 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
24080 Aug 28 2007 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
27664 Oct 3 2007 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"
145408 Aug 23 2001 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"


end of report
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

Post by askey127 » October 21st, 2007, 7:11 pm

patty s,
Fix AWF Infection
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
"C:\Program Files\NetZero\bak\exec.exe"
"C:\Program Files\NetZero DSL\bak\ConnectionCenter.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press 2 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.


The problem we had was that when the file paths have a space in them, each file has to be enclosed in double quotes for the tool to work properly.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

new AWF

Post by patty s » October 21st, 2007, 7:22 pm

askey127,
As you requested...
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2007-10-21
The current time is: 19:20:03.29


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NETZERO\BAK

2007-03-06 20:00 1,629,184 exec.exe
1 File(s) 1,629,184 bytes

Directory of C:\PROGRA~1\NETZER~1\BAK

2007-05-14 12:18 1,050,360 ConnectionCenter.exe
1 File(s) 1,050,360 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

2004-09-23 12:41 860,160 Smax4.exe
2004-10-14 09:11 1,388,544 SMax4PNP.exe
2 File(s) 2,248,704 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

2007-06-08 10:59 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK\BAK

2004-09-23 12:41 860,160 Smax4.exe
1 File(s) 860,160 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\BAK

2004-11-02 19:59 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

2007-07-12 04:00 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

2001-08-23 08:00 145,408 MSConfig.exe
1 File(s) 145,408 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1629184 Mar 6 2007 "C:\Program Files\NetZero\exec.exe"
1629184 Mar 6 2007 "C:\Program Files\NetZero\bak\exec.exe"
1050360 May 14 2007 "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
1050360 May 14 2007 "C:\Program Files\NetZero DSL\bak\ConnectionCenter.exe"
1126320 Oct 11 2007 "C:\Documents and Settings\All Users\Application Data\NetZero DSL\Downloads\ConnectionCenter_.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"
145408 Aug 23 2001 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"


end of report
Thank you,
patty
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA
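
One way to read the "Duplicate files of bak directory contents" section of the AWF.txt reports posted above (an added example, not part of the original posts and not FindAWF's own code): it pairs each bak copy with the file at the same path with the bak folders removed and compares the listed sizes, so the report from before option 2 can be checked against the one after it. The pairing rule, the function names and the status strings are assumptions; the sample lines are excerpted from the two reports in this thread.

```python
import re
from ntpath import basename, dirname, join, normcase

# One "Duplicate files" line: size, month, day, year, quoted path.
ENTRY = re.compile(r'^\s*(\d+)\s+[A-Za-z]{3}\s+\d{1,2}\s+\d{4}\s+"([^"]+)"\s*$')

# Excerpt of the report posted at 6:28 pm (before option 2 was run).
REPORT_BEFORE = r"""
24080 Aug 28 2007 "C:\Program Files\NetZero\exec.exe"
1629184 Mar 6 2007 "C:\Program Files\NetZero\bak\exec.exe"
24080 Aug 28 2007 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
27664 Oct 3 2007 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"
145408 Aug 23 2001 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"
"""

# Excerpt of the report posted at 7:22 pm ("Option 2 run successfully").
REPORT_AFTER_OPTION_2 = r"""
1629184 Mar 6 2007 "C:\Program Files\NetZero\exec.exe"
1629184 Mar 6 2007 "C:\Program Files\NetZero\bak\exec.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
"""


def parse_entries(report):
    """Return {case-folded path: (path as written, size in bytes)}."""
    entries = {}
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m:
            # Windows paths are case-insensitive (msconfig.exe vs MSConfig.exe).
            entries[normcase(m.group(2))] = (m.group(2), int(m.group(1)))
    return entries


def original_path(path):
    """Drop every 'bak' folder above the file; None if the file is not in one."""
    folder, name = dirname(path), basename(path)
    if basename(folder).lower() != "bak":
        return None
    while basename(folder).lower() == "bak":
        folder = dirname(folder)  # handles nested ...\bak\bak\
    return join(folder, name)


def bak_status(report):
    """Map each bak copy (as written in the report) to a size comparison."""
    entries = parse_entries(report)
    status = {}
    for key, (written, size) in entries.items():
        orig = original_path(key)
        if orig is None:
            continue  # not a bak copy
        if orig not in entries:
            status[written] = "no original listed"
        elif entries[orig][1] == size:
            status[written] = "same size"
        else:
            status[written] = "size differs"
    return status


if __name__ == "__main__":
    for label, report in (("before option 2", REPORT_BEFORE),
                          ("after option 2", REPORT_AFTER_OPTION_2)):
        print(label)
        for path, state in bak_status(report).items():
            print(f"  {state:<20} {path}")
```

Equal sizes only show that the listing is consistent with a restored file; comparing hashes of the two files on the machine would confirm the content matches.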

Post by askey127 » October 21st, 2007, 7:56 pm

patty s,
-----------------------------------------------------------
Cleanup AWF bak folders
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
"C:\Program Files\NetZero\bak\exec.exe"
"C:\Program Files\NetZero DSL\bak\ConnectionCenter.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • When the Menu comes up, Press 3 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be deleted.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

quick question

Post by patty s » October 21st, 2007, 8:12 pm

When I hit 3, enter it gives a message saying REMOVE ALL QUOTES!!! No file names no trailing backslash....
DO I NEED TO UNQUOTE NOW OR RUN AS IS ???

patty s
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

new AWF

Post by patty s » October 21st, 2007, 8:43 pm

askey127, I ran it without changing anything, please let me know if I need to do it again (after removing the quotes). Here is the latest AWF.
patty s

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2007-10-21
The current time is: 20:39:26.71


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NETZERO\BAK

2007-03-06 20:00 1,629,184 exec.exe
1 File(s) 1,629,184 bytes

Directory of C:\PROGRA~1\NETZER~1\BAK

2007-05-14 12:18 1,050,360 ConnectionCenter.exe
1 File(s) 1,050,360 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

2004-09-23 12:41 860,160 Smax4.exe
2004-10-14 09:11 1,388,544 SMax4PNP.exe
2 File(s) 2,248,704 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

2007-06-08 10:59 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK\BAK

2004-09-23 12:41 860,160 Smax4.exe
1 File(s) 860,160 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\BAK

2004-11-02 19:59 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

2007-07-12 04:00 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

2001-08-23 08:00 145,408 MSConfig.exe
1 File(s) 145,408 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1629184 Mar 6 2007 "C:\Program Files\NetZero\exec.exe"
1629184 Mar 6 2007 "C:\Program Files\NetZero\bak\exec.exe"
1050360 May 14 2007 "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
1050360 May 14 2007 "C:\Program Files\NetZero DSL\bak\ConnectionCenter.exe"
1126320 Oct 11 2007 "C:\Documents and Settings\All Users\Application Data\NetZero DSL\Downloads\ConnectionCenter_.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"
145408 Aug 23 2001 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

Post by askey127 » October 21st, 2007, 10:14 pm

-----------------------------------------------------------
Cleanup AWF bak folders
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\NetZero\bak
C:\Program Files\NetZero DSL\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Analog Devices\SoundMAX\bak\bak
C:\Program Files\Analog Devices\SoundMAX\bak
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak
C:\Program Files\Common Files\Symantec Shared\Security Center\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • When the Menu comes up, press 3 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be deleted.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Ok did the AWF option 3

Post by patty s » October 22nd, 2007, 6:56 am

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2007-10-22
The current time is: 6:54:48.26


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK\BAK

2004-09-23 12:41 860,160 Smax4.exe
1 File(s) 860,160 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\bak\Smax4.exe"


end of report
patty s
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:32 am
Location: pennsylvania, USA

Post by askey127 » October 22nd, 2007, 7:23 am

patty s,
Good job.
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to each folder shown below, highlight each in turn, if found, and press Delete.
C:\Program Files\Analog Devices\SoundMAX\bak\bak\
C:\Program Files\Analog Devices\SoundMAX\bak\
You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
-----------------------------------------------------------
Cleanup AWF domain zones
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to Press any key to continue.
  • Press any key and you will be presented with a menu:
    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT
Press 4 then Enter and 1
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
  • Copy and paste the contents of the AWF.txt file in your next reply.
-----------------------------------------------------------
Run AVG Anti-Spyware:
Double Click on AVG-AntiSpyware
Click on Scanner on the toolbar.
Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Do not automatically generate reports. <== This is important
  • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the program's toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.

Please post the contents of AWF.TXT, The AVG AntiSpyware Report, and a new HijackThis(reveal.exe) log.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA