blank pop-ups
Join Date: May 2005
Posts: 3,269
Reputation:
Solved Threads: 202
DeOnna, for some reason [not your fault, it's the trojan...] that operation did not fully work, so please repeat option2 with the same block of entries [repeated below]
[We are trying to copy the original files back into their proper locations, overwriting the affected files.]
So:
-option 2, FindAWF: dclick the .exe to start the program, select to restore files, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Deep, deep in the woods, but walking about.
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Here you go.....
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 8:43:31.29
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 10/26/2007
The current time is: 9:37:44.73
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
06/15/2007 07:15 PM 366,400 PicasaMediaDetector.exe
1 File(s) 366,400 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
5388088 Jun 29 2007 "C:\Documents and Settings\HP_Administrator\My Documents\picasaweb-current-setup.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
665160 Sep 27 2007 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Join Date: May 2005
Posts: 3,269
Reputation:
Solved Threads: 202
Nope, it is failing on those two again. So we'll try it the brute force way.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixawf.bat, as type "all files", to your desktop; dclick it to run.
__________________________________________________________
rem Replace ehtray.exe in ehome with the bak copy
if exist "C:\WINDOWS\ehome\ehtray.exe" del /q "C:\WINDOWS\ehome\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\ehome"
rem Do the same in the KB908246 uninstall folder, then delete the bak copy
if exist "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe" del /q "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
copy "C:\WINDOWS\ehome\bak\ehtray.exe" "C:\WINDOWS\$NtUninstallKB908246$"
del /q "C:\WINDOWS\ehome\bak\ehtray.exe"
rem Replace PicasaMediaDetector.exe with the bak copy, then delete the bak copy
if exist "C:\Program Files\Picasa2\PicasaMediaDetector.exe" del /q "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
copy "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe" "C:\Program Files\Picasa2"
del /q "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
__________________________________________________________
Finally run option 1 again so that I may check the replacements.
Last edited by gerbil; Oct 26th, 2007 at 10:16 am.
Deep, deep in the woods, but walking about.
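The check behind "failing on those two" can be reproduced from the "Duplicate files of bak directory contents" section of the report: each file in a `bak` folder should have a copy of the same size and date one directory up. The following is an added example, not part of the original thread and not FindAWF's own code; the function names are hypothetical, the sample lines are excerpted from the 9:37 report posted above, and it assumes that a file absent from the listing is absent from the original folder.

```python
import ntpath
import re

# Excerpt of the "Duplicate files of bak directory contents" section from the
# 9:37 report in this thread: size in bytes, date, quoted full path.
REPORT_EXCERPT = r'''
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
591416 Sep 27 2007 "C:\Program Files\Picasa2\PicasaUpdate.exe"
366400 Jun 15 2007 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
'''

LINE_RE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')


def parse_listing(text):
    """Return {lowercased path: (size, date, original path)} per listing line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, separators and blank lines are skipped
        size = int(m.group(1))
        date = " ".join(m.group(2).split())  # normalise inner whitespace
        path = m.group(3)
        entries[path.lower()] = (size, date, path)  # Windows paths: case-insensitive
    return entries


def check_restores(text):
    """For every file inside a bak folder, compare it with the copy one level up.

    Returns a list of (bak_path, target_path, status), where status is
    "ok", "mismatch" (size or date differs) or "missing" (target not listed).
    """
    entries = parse_listing(text)
    results = []
    for size, date, path in entries.values():
        folder, name = ntpath.split(path)
        parent, leaf = ntpath.split(folder)
        if leaf.lower() != "bak":
            continue
        target = ntpath.join(parent, name)
        found = entries.get(target.lower())
        if found is None:
            status = "missing"
        elif found[:2] != (size, date):
            status = "mismatch"
        else:
            status = "ok"
        results.append((path, target, status))
    return results


def needs_manual_fix(text):
    """Names of bak files whose restore target is missing or different."""
    return [ntpath.basename(bak) for bak, _, status in check_restores(text)
            if status != "ok"]


if __name__ == "__main__":
    for bak, target, status in check_restores(REPORT_EXCERPT):
        print(f"{status:9} {target}")
```

Matching size and date is only a heuristic for "same file"; comparing hashes of the two copies on the machine itself is the stronger check.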
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Here is what I got after doing that, and running option one again.
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 10/26/2007
The current time is: 10:40:34.32
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 10/26/2007
The current time is: 10:40:34.32
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\HPDIGI~1\BAK
04/13/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\REGSHAVE\BAK
02/04/2002 10:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes
Directory of C:\PROGRA~1\WIFD1F~1\BAK
11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes
Directory of C:\WINDOWS\CREATOR\BAK
12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SMINST\BAK
07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes
Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
09/14/2007 09:38 AM 421,888 avgcc.exe
1 File(s) 421,888 bytes
Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK
02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK
06/08/2007 10:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
07/31/2006 07:16 PM 180,269 realsched.exe
1 File(s) 180,269 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\SNAPFISH\SNAPFI~1\DATA\XTRAS\BAK
01/31/2005 03:06 PM 208,896 mssysmgr.exe
1 File(s) 208,896 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
90112 Apr 13 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
421888 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\backup\avgcc.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jul 31 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc1.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc2.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc3.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\RECYCLER\S-1-5-21-3809739533-768046810-4258763112-1007\Dc4.0_11\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\mssysmgr.exe"
208896 Jan 31 2005 "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak\mssysmgr.exe"
end of report
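The listing above shows each file next to its copy in a `bak` folder, with size and date. As an added example (not part of the posts and not FindAWF's own code), this Python script reads lines in that layout and reports, for every `bak` copy, whether the file one level up matches it; the sample input is constructed, and the function names and status labels are assumptions.

```python
import re
from ntpath import basename, dirname, join  # Windows path rules on any OS

# Constructed sample in the layout of the listing above: size, date, quoted path.
# The first pair is taken from the report; the C:\Example paths are made up.
SAMPLE = r'''
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
20480 Jan 5 2007 "C:\Example\App\tool.exe"
90112 Apr 13 2006 "C:\Example\App\bak\tool.exe"
53248 Feb 4 2002 "C:\Example\Other\bak\agent.exe"
'''

ENTRY = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')

def parse_listing(report):
    """Map lower-cased path -> (size, date); lines that do not match are skipped."""
    files = {}
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            size, date, path = m.groups()
            files[path.lower()] = (int(size), " ".join(date.split()))
    return files

def check_restores(report):
    """For each file in a bak folder, compare it with the copy one level up."""
    files = parse_listing(report)
    status = {}
    for path, meta in files.items():
        folder = dirname(path)
        if basename(folder) != "bak":
            continue
        original = join(dirname(folder), basename(path))
        if original not in files:
            status[original] = "original missing"
        elif files[original] == meta:
            status[original] = "matches bak copy"
        else:
            status[original] = "differs from bak copy"
    return status

if __name__ == "__main__":
    for original, result in check_restores(SAMPLE).items():
        print(f"{result:22} {original}")
```

Size and date are all the report exposes; hashing both files on disk is the stronger comparison.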
Join Date: May 2005
Posts: 3,269
Reputation:
Solved Threads: 202
Sorry, DeOnna, I should have mentioned that, yes, all you would see is a brief flick of a black window. It did its job [if you did, trying it more than once would not have hurt].
So now all the good files are copied back into their original directories, replacing the infected copies. This next step deletes the copy folders:
-option 3, FindAWF: start the program again, select to remove bak folders, into the text file that opens paste all the text between the lines:
_____________________________________________________________
C:\Program Files\HP DigitalMedia Archive\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Grisoft\AVG Free\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\bak
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
Then, if and only if these two sections of the report are empty...:
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
...go ahead and run option 4 next -this will reset your restricted and trusted sites in IE, tools, internet options, security. If you have added trusted sites you will have to re-enter them afterward [for an extra level of security I keep the https box checked here]. That is up to your judgement.
If you use SpywareBlaster, IE-SpyAd, Spybot etc you will need to re-enable their restrictions afterwards.
Say how things are and post a fresh hijackthis log.
Cheers.
Deep, deep in the woods, but walking about.
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Fri 10/26/2007
The current time is: 21:48:04.53
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MSNMES~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\EHOME\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
0 File(s) 0 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
As you can see, no files found. I am going to run the last option now, and post a hijackthis log either tonight or tomorrow morning if I have time before family from out of town gets here. If not, I will post it tomorrow night. Thanks!
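The condition set before option 4, that the "bak folders found" and "Duplicate files of bak directory contents" sections are empty, can be checked mechanically. This is an added example, not part of the posts or of FindAWF: the report layout is assumed from the reports posted in this thread, the sample is constructed, and the function names are hypothetical. It reports separately whether anything at all is listed and how many files remain, and a report missing either section header does not pass.

```python
import re

# Constructed sample in the layout of the option 3 reports posted in this thread.
SAMPLE = r'''Option 3 run successfully
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\PICASA2\BAK
0 File(s) 0 bytes
Directory of C:\EXAMPLE\APP\BAK
1 File(s) 53,248 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
'''

GATE_SECTIONS = ("bak folders found", "Duplicate files of bak directory contents")

def parse_sections(report):
    """Map each title (a line underlined with ~) to the lines listed beneath it."""
    lines = [l.strip() for l in report.splitlines() if l.strip()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if set(underline) == {"~"}:
            current = sections.setdefault(line, [])
        elif set(line) == {"~"}:
            continue
        elif line.lower() == "end of report":
            current = None
        elif current is not None:
            current.append(line)
    return sections

def gate_status(report):
    """Summarise the two sections that must be empty before option 4 is run."""
    sections = parse_sections(report)
    missing = [name for name in GATE_SECTIONS if name not in sections]
    folders, folder = {}, None
    for line in sections.get(GATE_SECTIONS[0], []):
        if line.lower().startswith("directory of "):
            folder = line[len("directory of "):]
            folders[folder] = 0
        else:
            m = re.match(r"([\d,]+) File\(s\)", line)
            if m and folder:
                folders[folder] = int(m.group(1).replace(",", ""))
    listed = sum(len(sections.get(name, [])) for name in GATE_SECTIONS)
    return {"missing": missing, "folders": folders,
            "files_left": sum(folders.values()),
            "nothing_listed": listed == 0 and not missing}
```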