
about blank





#17
johncstx


Hey johncstx

I've modified the batch slightly - it should work this time ( cross your fingers :whistling: )

Downloader.Agent.awf:

Please launch Notepad (Start > Run, type in: notepad)
Copy/paste all the text below to it:

rmdir "C:\PROGRA~1\AMERIC~1.0\BAK" /S /Q

if exist "C:\PROGRA~1\HITWAR~1\HitwarePKLite.exe" move "C:\PROGRA~1\HITWAR~1\BAK\HitwarePKLite.exe" "C:\PROGRA~1\HITWAR~1"
rmdir "C:\PROGRA~1\HITWAR~1\BAK" /S /Q

if exist "C:\PROGRA~1\MIAF83~1\gcasServ.exe" move "C:\PROGRA~1\MIAF83~1\BAK\gcasServ.exe" "C:\PROGRA~1\MIAF83~1"
rmdir "C:\PROGRA~1\MIAF83~1\BAK" /S /Q

if exist "C:\PROGRA~1\QUICKT~1\qttask.exe" move "C:\PROGRA~1\QUICKT~1\BAK\qttask.exe" "C:\PROGRA~1\QUICKT~1"
rmdir "C:\PROGRA~1\QUICKT~1\BAK" /S /Q

if exist "C:\WINDOWS\SYSTEM32\ctfmon.exe" move "C:\WINDOWS\SYSTEM32\BAK\ctfmon.exe" "C:\WINDOWS\SYSTEM32"

if exist "C:\WINDOWS\SYSTEM32\hkcmd.exe" move "C:\WINDOWS\SYSTEM32\BAK\hkcmd.exe" "C:\WINDOWS\SYSTEM32"

if exist "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" move "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe" "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD"
rmdir "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak" /S /Q

if exist "C:\WINDOWS\SYSTEM32\hphmon05.exe" move "C:\WINDOWS\SYSTEM32\BAK\hphmon05.exe" "C:\WINDOWS\SYSTEM32"

if exist "C:\WINDOWS\SYSTEM32\igfxtray.exe" move "C:\WINDOWS\SYSTEM32\BAK\igfxtray.exe" "C:\WINDOWS\SYSTEM32"
rem SYSTEM32\BAK holds four backups, so it is removed only once, after the last SYSTEM32 move
rmdir "C:\WINDOWS\SYSTEM32\BAK" /S /Q

if exist "C:\PROGRA~1\HEWLET~1\HPSOFT~1\HPWuSchd2.exe" move "C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK\HPWuSchd2.exe" "C:\PROGRA~1\HEWLET~1\HPSOFT~1"
rmdir "C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK" /S /Q

if exist "C:\PROGRA~1\HEWLET~1\{D9466~1\hphupd05.exe" move "C:\PROGRA~1\HEWLET~1\{D9466~1\BAK\hphupd05.exe" "C:\PROGRA~1\HEWLET~1\{D9466~1"
rmdir "C:\PROGRA~1\HEWLET~1\{D9466~1\BAK" /S /Q

if exist "C:\PROGRA~1\HP\HPCORE~1\hpcmpmgr.exe" move "C:\PROGRA~1\HP\HPCORE~1\BAK\hpcmpmgr.exe" "C:\PROGRA~1\HP\HPCORE~1"
rmdir "C:\PROGRA~1\HP\HPCORE~1\BAK" /S /Q

if exist "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPfTray.exe" move "C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK\MPfTray.exe" "C:\PROGRA~1\MCAFEE.COM\PERSON~1"
rmdir "C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK" /S /Q

if exist "C:\PROGRA~1\REAL\REALPL~1\RealPlay.exe" move "C:\PROGRA~1\REAL\REALPL~1\BAK\RealPlay.exe" "C:\PROGRA~1\REAL\REALPL~1"
rmdir "C:\PROGRA~1\REAL\REALPL~1\BAK" /S /Q

if exist "C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe" move "C:\PROGRA~1\YAHOO!\MESSEN~1\BAK\YahooMessenger.exe" "C:\PROGRA~1\YAHOO!\MESSEN~1"
rmdir "C:\PROGRA~1\YAHOO!\MESSEN~1\BAK" /S /Q

if exist "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLDial.exe" move "C:\PROGRA~1\COMMON~1\AOL\ACS\BAK\AOLDial.exe" "C:\PROGRA~1\COMMON~1\AOL\ACS"
rmdir "C:\PROGRA~1\COMMON~1\AOL\ACS\BAK" /S /Q

if exist "C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\GoogleToolbarNotifier.exe" move "C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\BAK\GoogleToolbarNotifier.exe" "C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364"
rmdir "C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\BAK" /S /Q

if exist "C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\Hpi_Monitor.exe" move "C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\BAK\Hpi_Monitor.exe" "C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1"
rmdir "C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\BAK" /S /Q

if exist "C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\jusched.exe" move "C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK\jusched.exe" "C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\jusched.exe"
rmdir "C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK" /S /Q

if exist "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\AOLSoftware.exe" move "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\BAK\AOLSoftware.exe" "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE"
rmdir "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\BAK" /S /Q

if exist "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe" move "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK\printray.exe" "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2"
rmdir "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK" /S /Q

if exist "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe" move "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK\hpztsb09.exe" "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3"
rmdir "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK" /S /Q

if exist "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1\SSCRun.exe" move "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1\BAK\SSCRun.exe" "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1"
rmdir "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1\BAK" /S /Q

del 123.bat

In Notepad, go to File (upper menu bar), and select: Save as
In the Save as prompt:
Save in: Desktop
File Name: "123.bat"
Save as Type: All files
Click: Save
Exit out of Notepad.

Next, on the Desktop, double click on bakfile.bat


====
Also, please run the following:

1. DelDomains
http://www.mvps.org/.../DelDomains.inf
To delete all entries in the Restricted & Trusted Zone list, right click DelDomains.inf
Select: Install

2. ResetProtocolDefaults
http://www.mvps.org/...colDefaults.reg
Right click the link, save target as or save link as, and save to the Desktop.

Locate ResetProtocolDefaults.reg on the Desktop
Right-click and select: Merge
OK the prompt

Please can you then run the Downloader.Agent.awf tool again (see post 11). Post the log back here.



Here is the new log. Also, I do not have an anti-virus running yet; I had to disable it so I could run some of these programs. I had it through McAfee. Should I enable it again now, or not until we are done? I have not used the computer except to work with you, so I don't think any new viruses have been taken on.


Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 "C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe"
25600 "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
25600 "C:\Program Files\QuickTime\qttask.exe"
25600 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
25600 "C:\WINDOWS\SYSTEM32\hphmon05.exe"
25600 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
25600 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
25600 "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
25600 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
25600 "C:\Program Files\McAfee.com\personal firewall\MPfTray.exe"
25600 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
25600 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
25600 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
25600 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
25600 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
25600 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe"
25600 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe"
25600 "C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe"


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\hphmon05.exe
C:\WINDOWS\SYSTEM32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\personal firewall\MPfTray.exe
C:\Program Files\Pure Networks\Port Magic\PortAOL.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe


26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\HITWAR~1\BAK

03/25/2004 05:14 PM 178,176 HitwarePKLite.exe
1 File(s) 178,176 bytes

Directory of C:\PROGRA~1\MIAF83~1\BAK

11/15/2005 12:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/17/2004 11:43 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/18/2001 07:00 AM 13,312 ctfmon.exe
06/19/2002 02:05 PM 114,688 hkcmd.exe
02/02/2004 02:41 AM 495,616 hphmon05.exe
06/19/2002 02:14 PM 155,648 igfxtray.exe
4 File(s) 779,264 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

12/05/2003 02:41 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\{D9466~1\BAK

11/12/2003 07:23 AM 49,152 hphupd05.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

12/22/2003 07:38 AM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

03/07/2006 02:05 PM 992,808 MPfTray.exe
1 File(s) 992,808 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

04/05/2004 03:33 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

07/06/2003 04:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

05/02/2006 02:51 PM 3,334,144 YahooMessenger.exe
1 File(s) 3,334,144 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

04/18/2005 12:38 PM 71,256 AOLDial.exe
1 File(s) 71,256 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\BAK

09/24/2006 02:50 AM 155,896 GoogleToolbarNotifier.exe
1 File(s) 155,896 bytes

Directory of C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\BAK

08/14/2000 03:48 PM 32,768 Hpi_Monitor.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

07/26/2006 02:03 AM 49,263 jusched.exe
1 File(s) 49,263 bytes


04/10/2002 04:44 PM 679,936 DirectCD.exe
1 File(s) 679,936 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\BAK

04/20/2006 11:10 AM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

03/27/2001 02:45 AM 36,864 printray.exe
1 File(s) 36,864 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

12/04/2003 06:44 AM 176,128 hpztsb09.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1\BAK

08/04/2006 07:13 AM 140,880 SSCRun.exe
1 File(s) 140,880 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

25600 Oct 10 2006 "C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe"
178176 Mar 25 2004 "C:\Program Files\Hitware Popup Killer Lite 3\bak\HitwarePKLite.exe"
25600 Oct 10 2006 "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
25600 Oct 10 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Sep 17 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 29 2002 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
13312 Aug 18 2001 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
114688 Jun 19 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
114688 Jun 19 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
114688 Jun 19 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\hphmon05.exe"
495616 Feb 2 2004 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe"
155648 Jun 19 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
155648 Jun 19 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Jun 19 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"
25600 Oct 10 2006 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
49152 Dec 5 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
25600 Oct 10 2006 "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
49152 Nov 12 2003 "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\bak\hphupd05.exe"
25600 Oct 10 2006 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
241664 Dec 22 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
25600 Oct 10 2006 "C:\Program Files\McAfee.com\personal firewall\MPfTray.exe"
992808 Mar 7 2006 "C:\Program Files\McAfee.com\personal firewall\bak\MPfTray.exe"
25600 Oct 10 2006 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
25600 Oct 10 2006 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Jul 6 2003 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
4621816 Sep 13 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
3334144 May 2 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
61440 Sep 14 2006 "C:\Program Files\Google\Google Earth\googleearth.exe"
25600 Oct 10 2006 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
155896 Sep 24 2006 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe"
25600 Oct 10 2006 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
32768 Aug 14 2000 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\bak\Hpi_Monitor.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
25600 Oct 10 2006 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
50760 Sep 29 2006 "C:\Program Files\AOL\RC\EE\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\AOLSoftware.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\bak\AOLSoftware.exe"
36864 Mar 27 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\printray.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe"
36864 Mar 27 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\bak\printray.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe"
176128 Dec 4 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe"
25600 Oct 10 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe"
140880 Aug 4 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\bak\SSCRun.exe"


end of report
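
The triage this report supports, as an added example (not part of the original thread and not code from the Find AWF tool): pair each file in a bak folder with the live file one directory up, and mark it for restoration only when the live file has one of the sizes the report searches for. The sample lines are copied from the report above; the function names and the three verdict labels are hypothetical, and treating those sizes as the marker of a replaced file is an assumption taken from the report's section headings.

```python
import ntpath
import re
from collections import namedtuple

# Sizes the Find AWF report searches for (from its section headings).
SUSPECT_SIZES = {21504, 25600, 26450}

# Lines copied from the "Duplicate files of bak directory contents" section.
SAMPLE_REPORT = r'''
25600 Oct 10 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Sep 17 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 29 2002 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
13312 Aug 18 2001 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
114688 Jun 19 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
114688 Jun 19 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
4621816 Sep 13 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
3334144 May 2 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
25600 Oct 10 2006 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
'''

Entry = namedtuple("Entry", "size date path")

# <size> <Mon D YYYY> "<quoted Windows path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')


def parse_report(text):
    """Return an Entry for every size/date/path line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def is_backup(path):
    """True when the file sits directly inside a folder named bak (any case)."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "bak"


def triage(entries):
    """Map each restore target (the path one level above bak) to a verdict.

    restore   - live file has a suspect size, so the bak copy should replace it
    keep-live - live file does not have a suspect size; moving the bak copy
                over it would overwrite it, possibly with an older version
    review    - the report lists no live file at that path (for example the
                program was reinstalled into a different folder)
    """
    live = {ntpath.normcase(e.path): e for e in entries if not is_backup(e.path)}
    verdicts = {}
    for e in entries:
        if not is_backup(e.path):
            continue
        parent = ntpath.dirname(ntpath.dirname(e.path))
        target = ntpath.join(parent, ntpath.basename(e.path))
        current = live.get(ntpath.normcase(target))
        if current is None:
            verdicts[target] = "review"
        elif current.size in SUSPECT_SIZES:
            verdicts[target] = "restore"
        else:
            verdicts[target] = "keep-live"
    return verdicts


if __name__ == "__main__":
    for path, verdict in sorted(triage(parse_report(SAMPLE_REPORT)).items()):
        print(f"{verdict:10} {path}")
```
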



#18
jamielaw

Hey johncstx

Make sure your Antivirus software is always enabled!

I've consulted with an Expert for the best method on handling this infection. So with that on my side we should be in for a winner here.

This batch needs to be run in safe mode! To do this, restart your computer and continually tap the F8 key.

Make sure none of these processes are running - if they are, make sure to click End Process for all of them:

C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\hphmon05.exe
C:\WINDOWS\SYSTEM32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\personal firewall\MPfTray.exe
C:\Program Files\Pure Networks\Port Magic\PortAOL.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe


Downloader.Agent.awf:

Please launch Notepad (Start > Run, type in: notepad)
Copy/paste all the text below to it:
if exist "C:\PROGRA~1\HITWAR~1\HitwarePKLite.exe" 
move /Y "C:\PROGRA~1\HITWAR~1\BAK\HitwarePKLite.exe" "C:\PROGRA~1\HITWAR~1"

if exist "C:\PROGRA~1\MIAF83~1\gcasServ.exe" 
move /Y "C:\PROGRA~1\MIAF83~1\BAK\gcasServ.exe" "C:\PROGRA~1\MIAF83~1"

if exist "C:\PROGRA~1\QUICKT~1\qttask.exe" 
move /Y "C:\PROGRA~1\QUICKT~1\BAK\qttask.exe" "C:\PROGRA~1\QUICKT~1"

if exist "C:\WINDOWS\SYSTEM32\hkcmd.exe" 
move /Y "C:\WINDOWS\SYSTEM32\BAK\hkcmd.exe" "C:\WINDOWS\SYSTEM32"

if exist "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" 
move /Y "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe" "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD"

if exist "C:\WINDOWS\SYSTEM32\hphmon05.exe" 
move /Y "C:\WINDOWS\SYSTEM32\BAK\hphmon05.exe" "C:\WINDOWS\SYSTEM32"

if exist "C:\WINDOWS\SYSTEM32\igfxtray.exe" 
move /Y "C:\WINDOWS\SYSTEM32\BAK\igfxtray.exe" "C:\WINDOWS\SYSTEM32"

if exist "C:\PROGRA~1\HEWLET~1\HPSOFT~1\HPWuSchd2.exe" 
move /Y "C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK\HPWuSchd2.exe" "C:\PROGRA~1\HEWLET~1\HPSOFT~1"

if exist "C:\PROGRA~1\HEWLET~1\{D9466~1\hphupd05.exe" 
move /Y "C:\PROGRA~1\HEWLET~1\{D9466~1\BAK\hphupd05.exe" "C:\PROGRA~1\HEWLET~1\{D9466~1"

if exist "C:\PROGRA~1\HP\HPCORE~1\hpcmpmgr.exe" 
move /Y "C:\PROGRA~1\HP\HPCORE~1\BAK\hpcmpmgr.exe" "C:\PROGRA~1\HP\HPCORE~1"

if exist "C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPfTray.exe" 
move /Y "C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK\MPfTray.exe" "C:\PROGRA~1\MCAFEE.COM\PERSON~1"

if exist "C:\PROGRA~1\REAL\REALPL~1\RealPlay.exe" 
move /Y "C:\PROGRA~1\REAL\REALPL~1\BAK\RealPlay.exe" "C:\PROGRA~1\REAL\REALPL~1"

if exist "C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe" 
move /Y "C:\PROGRA~1\YAHOO!\MESSEN~1\BAK\YahooMessenger.exe" "C:\PROGRA~1\YAHOO!\MESSEN~1"

if exist "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLDial.exe" 
move /Y "C:\PROGRA~1\COMMON~1\AOL\ACS\BAK\AOLDial.exe" "C:\PROGRA~1\COMMON~1\AOL\ACS"

if exist "C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\GoogleToolbarNotifier.exe" 
move /Y "C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\BAK\GoogleToolbarNotifier.exe" "C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364"

if exist "C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\Hpi_Monitor.exe" 
move /Y "C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\BAK\Hpi_Monitor.exe" "C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1"

if exist "C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\jusched.exe" 
move /Y "C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK\jusched.exe" "C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\jusched.exe"

if exist "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\AOLSoftware.exe" 
move /Y "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\BAK\AOLSoftware.exe" "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE"

if exist "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe" 
move /Y "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK\printray.exe" "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2"

if exist "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe" 
move /Y "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK\hpztsb09.exe" "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3"

if exist "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1\SSCRun.exe" 
move /Y "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1\BAK\SSCRun.exe" "C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1"

del 123.bat

In Notepad, go to File (upper menu bar), and select: Save as
In the Save as prompt:
Save in: Desktop
File Name: "123.bat"
Save as Type: All files
Click: Save
Exit out of Notepad.

Next, on the Desktop, double click on bakfile.bat

Reboot your computer in normal Windows.

====
Also, please run the following:

1. DelDomains
http://www.mvps.org/.../DelDomains.inf
To delete all entries in the Restricted & Trusted Zone list, right click DelDomains.inf
Select: Install

2. ResetProtocolDefaults
http://www.mvps.org/...colDefaults.reg
Right click the link, save target as or save link as, and save to the Desktop.

Locate ResetProtocolDefaults.reg on the Desktop
Right-click and select: Merge
OK the prompt

Please can you then run the Downloader.Agent.awf tool again (see post 11). Post the log back here.
  • 0

#19
johncstx (Topic Starter)




Let me know if anything changed. When I double click the bakfile.bat nothing pops up such as a screen, or if one does it's only for like a millisecond. Is that what it's supposed to do? Here's the new log. Thanks.

Find AWF report by noahdfear 2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 "C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe"
25600 "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
25600 "C:\Program Files\QuickTime\qttask.exe"
25600 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
25600 "C:\WINDOWS\SYSTEM32\hphmon05.exe"
25600 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
25600 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
25600 "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
25600 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
25600 "C:\Program Files\McAfee.com\personal firewall\MPfTray.exe"
25600 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
25600 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
25600 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
25600 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
25600 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
25600 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe"
25600 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe"
25600 "C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe"


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\hphmon05.exe
C:\WINDOWS\SYSTEM32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\personal firewall\MPfTray.exe
C:\Program Files\Pure Networks\Port Magic\PortAOL.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe


26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\HITWAR~1\BAK

03/25/2004 05:14 PM 178,176 HitwarePKLite.exe
1 File(s) 178,176 bytes

Directory of C:\PROGRA~1\MIAF83~1\BAK

11/15/2005 12:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/17/2004 11:43 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/18/2001 07:00 AM 13,312 ctfmon.exe
06/19/2002 02:05 PM 114,688 hkcmd.exe
02/02/2004 02:41 AM 495,616 hphmon05.exe
06/19/2002 02:14 PM 155,648 igfxtray.exe
4 File(s) 779,264 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

12/05/2003 02:41 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\{D9466~1\BAK

11/12/2003 07:23 AM 49,152 hphupd05.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

12/22/2003 07:38 AM 241,664 hpcmpmgr.exe
1 File(s) 241,664 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

03/07/2006 02:05 PM 992,808 MPfTray.exe
1 File(s) 992,808 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

04/05/2004 03:33 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

07/06/2003 04:38 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

05/02/2006 02:51 PM 3,334,144 YahooMessenger.exe
1 File(s) 3,334,144 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

04/18/2005 12:38 PM 71,256 AOLDial.exe
1 File(s) 71,256 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\BAK

09/24/2006 02:50 AM 155,896 GoogleToolbarNotifier.exe
1 File(s) 155,896 bytes

Directory of C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\BAK

08/14/2000 03:48 PM 32,768 Hpi_Monitor.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

07/26/2006 02:03 AM 49,263 jusched.exe
1 File(s) 49,263 bytes


04/10/2002 04:44 PM 679,936 DirectCD.exe
1 File(s) 679,936 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\BAK

04/20/2006 11:10 AM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

03/27/2001 02:45 AM 36,864 printray.exe
1 File(s) 36,864 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

12/04/2003 06:44 AM 176,128 hpztsb09.exe
1 File(s) 176,128 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114480~1\EE\SERVICES\SSCFIR~1\VER1_2~1\BAK

08/04/2006 07:13 AM 140,880 SSCRun.exe
1 File(s) 140,880 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

25600 Oct 10 2006 "C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe"
178176 Mar 25 2004 "C:\Program Files\Hitware Popup Killer Lite 3\bak\HitwarePKLite.exe"
25600 Oct 10 2006 "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
25600 Oct 10 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Sep 17 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 29 2002 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
13312 Aug 18 2001 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
114688 Jun 19 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
114688 Jun 19 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
114688 Jun 19 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\hphmon05.exe"
495616 Feb 2 2004 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe"
155648 Jun 19 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
155648 Jun 19 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Jun 19 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"
25600 Oct 10 2006 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
49152 Dec 5 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
25600 Oct 10 2006 "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
49152 Nov 12 2003 "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\bak\hphupd05.exe"
25600 Oct 10 2006 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
241664 Dec 22 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
25600 Oct 10 2006 "C:\Program Files\McAfee.com\personal firewall\MPfTray.exe"
992808 Mar 7 2006 "C:\Program Files\McAfee.com\personal firewall\bak\MPfTray.exe"
25600 Oct 10 2006 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
25600 Oct 10 2006 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Jul 6 2003 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
4621816 Sep 13 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
3334144 May 2 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
61440 Sep 14 2006 "C:\Program Files\Google\Google Earth\googleearth.exe"
25600 Oct 10 2006 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
155896 Sep 24 2006 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe"
25600 Oct 10 2006 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
32768 Aug 14 2000 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\bak\Hpi_Monitor.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
25600 Oct 10 2006 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
50760 Sep 29 2006 "C:\Program Files\AOL\RC\EE\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\AOLSoftware.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\bak\AOLSoftware.exe"
36864 Mar 27 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\printray.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe"
36864 Mar 27 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\bak\printray.exe"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe"
176128 Dec 4 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe"
25600 Oct 10 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe"
140880 Aug 4 2006 "C:\Program Files\Common Files\AOL\1144807810\EE\services\sscFirewallPlugin\ver1_210_2_1\bak\SSCRun.exe"


end of report
  • 0

#20
jamielaw

Hey johncstx

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Whilst completing the fix please use the Internet as little as possible. Do not install any programs whilst we fix your computer - even the smallest of programs can wreak havoc.

You now need to follow the steps in my last post again. Boot to safe mode and make sure none of those processes are running. But this time instead of running the batch program I need you to do it manually.

Example:

if exist "C:\PROGRA~1\HITWAR~1\HitwarePKLite.exe"
move /Y "C:\PROGRA~1\HITWAR~1\BAK\HitwarePKLite.exe" "C:\PROGRA~1\HITWAR~1"


So for this one you need to go to this file: C:\PROGRA~1\HITWAR~1\BAK\HitwarePKLite.exe and copy it. You then need to go to this folder: C:\PROGRA~1\HITWAR~1 and paste the file in - choosing to overwrite the currently existing file. The ~1 means it is a DOS file path. To locate these files/folders simply click Start > Run, copy/paste the file/folder into the Run box and press Enter. A window will then pop up for the folder, or the file will open; you then paste the file in if applicable.

Steps taken for this first example:

1. Copy filepath: C:\PROGRA~1\HITWAR~1\BAK not this C:\PROGRA~1\HITWAR~1\BAK\HitwarePKLite.exe
2. Open run box and paste the folder in so you can get the file without opening it: C:\PROGRA~1\HITWAR~1\BAK\
3. You now need to find the file inside the window that pops open: HitwarePKLite.exe
4. Just leave this window open - you don't need to copy it yet
5. Copy filepath: C:\PROGRA~1\HITWAR~1
6. Use run box to open it: C:\PROGRA~1\HITWAR~1
7. Go back to other window and copy this file: HitwarePKLite.exe
8. Paste it in the new folder you opened most recently.
9. Repeat this step for all the files in the batch - it is tedious but important.

If you get stuck with this step just ask - but it is important you get all of them in that batch file.

You then need to carry the fix on from the last post as normal after you have manually copied the files from the batch in the last post.
  • 0
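
The bak-to-live pairing that the manual steps above rely on can be read straight out of the "Duplicate files of bak directory contents" section of the report. As an added example (not part of the original posts and not the Find AWF tool's own code), this Python script parses lines in that format and separates suspect-sized files that have an original in a sibling bak folder from bak copies whose live file is not suspect-sized or is not listed at all. The sample lines are copied from the log in this thread; the function names and the plan categories are assumptions made for the example.

```python
import re
from ntpath import basename, dirname, join, normcase

# File sizes the Find AWF report searches for (from its section headings).
SUSPECT_SIZES = {21504, 25600, 26450}

# One report line: <size> <Mon> <day> <year> "<path>"
LINE_RE = re.compile(
    r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')

# Constructed sample: lines copied from the "Duplicate files of bak
# directory contents" section of the log posted in this thread.
SAMPLE_REPORT = r'''
25600 Oct 10 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Sep 17 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
13312 Aug 29 2002 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
13312 Aug 18 2001 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
114688 Jun 19 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE"
25600 Oct 10 2006 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
114688 Jun 19 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
4621816 Sep 13 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
3334144 May 2 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
end of report
'''


def parse_report(text):
    """Return {case-folded path: (size, path as written)} for report lines."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # headings, blank lines and "end of report" are skipped
            size, _date, path = m.groups()
            entries[normcase(path)] = (int(size), path)
    return entries


def restore_plan(text):
    """Pair each bak copy with the live file one folder up and classify it."""
    entries = parse_report(text)
    plan = {"restore": [], "leave": [], "missing": []}
    for key, (bak_size, bak_path) in entries.items():
        folder = dirname(key)
        if basename(folder) != "bak":
            continue  # only files that sit directly inside a bak folder
        live_key = join(dirname(folder), basename(key))
        if live_key not in entries:
            plan["missing"].append(bak_path)  # no live file listed beside it
            continue
        live_size, live_path = entries[live_key]
        if live_size in SUSPECT_SIZES and live_size != bak_size:
            plan["restore"].append((bak_path, live_path))
        else:
            plan["leave"].append((bak_path, live_path))
    return plan


if __name__ == "__main__":
    for category, items in restore_plan(SAMPLE_REPORT).items():
        print(category)
        for item in items:
            print("   ", item)
```

Entries under "leave" are bak copies whose live file is not one of the suspect sizes; entries under "missing" have no live file listed in the folder directly above the bak folder.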





