
Another Victim Of 88.80.7.66, A.doginhispen, B.skitodayplease


13 replies to this topic

#1 vanos


Posted 04 February 2008 - 09:54 PM

I have also fallen victim to these viruses. I have read the previous posts and tried to follow the instructions the best I could.
Is the fix the same for everyone or do I need to do something different?
I am running Windows XP Media Center Edition with IE7.0.5730.11
I downloaded FindAWF and here is my log:


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Mon 02/04/2008
The current time is: 21:25:11.00


bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/02/2005 04:44 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\DISC\BAK

10/30/2007 09:57 PM 1,095,256 DISCover.exe
1 File(s) 1,095,256 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\CREATOR\BAK

12/13/2004 10:23 PM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 04:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/22/2005 06:14 PM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/09/2004 04:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\BELLSO~1\ALERTM~1\BAK

01/10/2006 04:56 PM 1,896,448 BellSouthAlertManager.exe
1 File(s) 1,896,448 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

11/09/2005 12:29 PM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/19/2006 02:41 AM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK

02/21/2006 04:59 PM 143,360 Iaanotif.exe
1 File(s) 143,360 bytes

Directory of C:\PROGRA~1\LOGITECH\ITOUCH\BAK

12/01/2003 11:38 AM 892,928 iTouch.exe
1 File(s) 892,928 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

10/01/2003 10:01 AM 114,688 mm_tray.exe
10/01/2003 10:01 AM 53,248 mmtask.exe
2 File(s) 167,936 bytes

Directory of C:\PROGRA~1\BELLSO~1\HELPCE~1\BIN\BAK

10/30/2006 11:00 AM 192,512 sprtcmd.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

01/14/2008 06:24 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\HP\DIGITA~1\{33D6C~1\BAK

06/01/2005 06:35 PM 49,152 hphupd08.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\SONIC\DIGITA~1\DIGITA~1\BAK

11/01/2005 05:01 AM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Jan 31 2008 "C:\hp\KBD\KBD.EXE"
61440 Feb 2 2005 "C:\hp\KBD\bak\KBD.EXE"
14348 Jan 31 2008 "C:\Program Files\DISC\DISCover.exe"
1095256 Oct 30 2007 "C:\Program Files\DISC\bak\DISCover.exe"
14348 Jan 31 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 8 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14348 Jan 31 2008 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
14348 Jan 31 2008 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 13 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
14348 Jan 31 2008 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
15360 Aug 9 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 9 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Jan 31 2008 "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
147456 Aug 23 2005 "C:\Program Files\Common Files\Motive\BellSouthBrowser.exe"
1896448 Jan 10 2006 "C:\Program Files\BellSouth\Alert Manager\bak\BellSouthAlertManager.exe"
14348 Jan 31 2008 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Nov 9 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
14348 Jan 31 2008 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
14348 Jan 31 2008 "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
143360 Feb 21 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
14348 Jan 31 2008 "C:\Program Files\Logitech\iTouch\iTouch.exe"
892928 Dec 1 2003 "C:\Program Files\Logitech\iTouch\bak\iTouch.exe"
53248 Oct 1 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
114688 Oct 1 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
14348 Jan 31 2008 "C:\Program Files\BellSouth\HelpCenter\bin\sprtcmd.exe"
192512 Oct 30 2006 "C:\Program Files\BellSouth\HelpCenter\bin\bak\sprtcmd.exe"
52272 Jan 14 2008 "C:\Program Files\Google\googletoolbar1user.exe"
69632 Mar 13 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
559784 Mar 18 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jan 14 2008 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
14348 Jan 31 2008 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Jan 14 2008 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
14348 Jan 31 2008 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
49152 Jun 1 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
14348 Jan 31 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14348 Jan 31 2008 "C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe"
90112 Nov 1 2005 "C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe"


end of report

Edited by vanos, 04 February 2008 - 09:57 PM.




#2 quietman7


Posted 05 February 2008 - 11:25 PM

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 2 then 'Enter' to restore files from bak folders
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\hp\KBD\bak\KBD.EXE"
"C:\Program Files\DISC\bak\DISCover.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\BellSouth\Alert Manager\bak\BellSouthAlertManager.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
"C:\Program Files\Logitech\iTouch\bak\iTouch.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
"C:\Program Files\BellSouth\HelpCenter\bin\bak\sprtcmd.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
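
The comparison behind the restore list above, as an added example that is not part of the original thread and is not FindAWF's own code: it parses the "Duplicate files of bak directory contents" section, pairs each bak copy with the file in its parent folder, and flags parents whose size or date differs. The function names are hypothetical; the sample lines are excerpted from the first log in this topic.

```python
import ntpath
import re
from collections import Counter

# Excerpt from the first FindAWF log in this topic (sizes, dates, paths as posted).
SAMPLE_LOG = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
14348 Jan 31 2008 "C:\hp\KBD\KBD.EXE"
61440 Feb 2 2005 "C:\hp\KBD\bak\KBD.EXE"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
53248 Oct 1 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
14348 Jan 31 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
'''

# One listing line: size, month, day, year, quoted full path.
LINE_RE = re.compile(
    r'^\s*(\d+)\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{4})\s+"([^"]+)"\s*$')


def parse_entries(log_text):
    """Map lowercased path -> (size, date, path as logged) for each listing line."""
    entries = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # section headers, separators, blank lines
        size, mon, day, year, path = m.groups()
        entries[path.lower()] = (int(size), f"{mon} {int(day)} {year}", path)
    return entries


def classify(log_text):
    """Pair every ...\\bak\\X with ...\\X and report how the parent copy compares."""
    entries = parse_entries(log_text)
    findings = []
    for bak_size, bak_date, bak_path in entries.values():
        folder = ntpath.dirname(bak_path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a backup copy; only used as a lookup target
        parent_path = ntpath.join(ntpath.dirname(folder), ntpath.basename(bak_path))
        parent = entries.get(parent_path.lower())  # Windows paths: ignore case
        if parent is None:
            status = "MISSING"    # original moved to bak, nothing left in its place
        elif parent[:2] != (bak_size, bak_date):
            status = "REPLACED"   # a different file now sits where the original was
        else:
            status = "MATCH"      # same size and date only; not a content hash
        findings.append({"status": status, "bak": bak_path, "parent": parent_path,
                         "parent_meta": parent[:2] if parent else None})
    return findings


def stub_signature(findings):
    """Most common (size, date) among replaced parents, with its count."""
    counts = Counter(f["parent_meta"] for f in findings if f["status"] == "REPLACED")
    return counts.most_common(1)[0] if counts else None


def restore_list(findings):
    """Quoted bak paths in log order, the form pasted into files.txt above."""
    return [f'"{f["bak"]}"' for f in findings]


if __name__ == "__main__":
    results = classify(SAMPLE_LOG)
    for f in results:
        print(f'{f["status"]:<8} {f["parent"]}')
    print("shared stub signature:", stub_signature(results))
```

One size and date repeated across unrelated programs is the pattern that stands out in the first log; the list posted above nevertheless names every bak copy, including those whose parent still matches.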


#3 vanos


Posted 05 February 2008 - 11:48 PM

Thank you so much for the reply.


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Tue 02/05/2008
The current time is: 23:43:04.09


bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/02/2005 04:44 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\DISC\BAK

10/30/2007 09:57 PM 1,095,256 DISCover.exe
1 File(s) 1,095,256 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\CREATOR\BAK

12/13/2004 10:23 PM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 04:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/22/2005 06:14 PM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/09/2004 04:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\BELLSO~1\ALERTM~1\BAK

01/10/2006 04:56 PM 1,896,448 BellSouthAlertManager.exe
1 File(s) 1,896,448 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

11/09/2005 12:29 PM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/19/2006 02:41 AM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK

02/21/2006 04:59 PM 143,360 Iaanotif.exe
1 File(s) 143,360 bytes

Directory of C:\PROGRA~1\LOGITECH\ITOUCH\BAK

12/01/2003 11:38 AM 892,928 iTouch.exe
1 File(s) 892,928 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

10/01/2003 10:01 AM 114,688 mm_tray.exe
10/01/2003 10:01 AM 53,248 mmtask.exe
2 File(s) 167,936 bytes

Directory of C:\PROGRA~1\BELLSO~1\HELPCE~1\BIN\BAK

10/30/2006 11:00 AM 192,512 sprtcmd.exe
1 File(s) 192,512 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

01/14/2008 06:24 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\HP\DIGITA~1\{33D6C~1\BAK

06/01/2005 06:35 PM 49,152 hphupd08.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\SONIC\DIGITA~1\DIGITA~1\BAK

11/01/2005 05:01 AM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 2 2005 "C:\hp\KBD\KBD.EXE"
61440 Feb 2 2005 "C:\hp\KBD\bak\KBD.EXE"
1095256 Oct 30 2007 "C:\Program Files\DISC\DISCover.exe"
1095256 Oct 30 2007 "C:\Program Files\DISC\bak\DISCover.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 8 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
663552 Dec 13 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 13 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 22 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
15360 Aug 9 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 9 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
1896448 Jan 10 2006 "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
147456 Aug 23 2005 "C:\Program Files\Common Files\Motive\BellSouthBrowser.exe"
1896448 Jan 10 2006 "C:\Program Files\BellSouth\Alert Manager\bak\BellSouthAlertManager.exe"
249856 Nov 9 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Nov 9 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 19 2006 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
143360 Feb 21 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
143360 Feb 21 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
892928 Dec 1 2003 "C:\Program Files\Logitech\iTouch\iTouch.exe"
892928 Dec 1 2003 "C:\Program Files\Logitech\iTouch\bak\iTouch.exe"
53248 Oct 1 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
53248 Oct 1 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
114688 Oct 1 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
114688 Oct 1 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
192512 Oct 30 2006 "C:\Program Files\BellSouth\HelpCenter\bin\sprtcmd.exe"
192512 Oct 30 2006 "C:\Program Files\BellSouth\HelpCenter\bin\bak\sprtcmd.exe"
52272 Jan 14 2008 "C:\Program Files\Google\googletoolbar1user.exe"
69632 Mar 13 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
559784 Mar 18 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jan 14 2008 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 Jan 14 2008 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Jan 14 2008 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
49152 Jun 1 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
49152 Jun 1 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
90112 Nov 1 2005 "C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe"
90112 Nov 1 2005 "C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe"


end of report

#4 quietman7


Posted 06 February 2008 - 08:08 AM

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 3 then 'Enter' to remove bak folders.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\hp\KBD\bak
C:\Program Files\DISC\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\SMINST\bak
C:\WINDOWS\system32\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Intel\Intel Matrix Storage Manager\bak
C:\Program Files\Logitech\iTouch\bak
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak
C:\Program Files\BellSouth\HelpCenter\bin\bak
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#5 vanos


Posted 06 February 2008 - 08:14 AM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Wed 02/06/2008
The current time is: 8:12:06.56


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\BELLSO~1\ALERTM~1\BAK

01/10/2006 04:56 PM 1,896,448 BellSouthAlertManager.exe
1 File(s) 1,896,448 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1896448 Jan 10 2006 "C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe"
147456 Aug 23 2005 "C:\Program Files\Common Files\Motive\BellSouthBrowser.exe"
1896448 Jan 10 2006 "C:\Program Files\BellSouth\Alert Manager\bak\BellSouthAlertManager.exe"


end of report

#6 quietman7


Posted 06 February 2008 - 08:40 AM

Open Windows Explorer, navigate to and delete the following bak folder:
C:\Program Files\BellSouth\Alert Manager\bak <- this folder

Double-click the FindAWF icon once again.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 4 then 'Enter' to reset domain zones.
  • You will receive a warning to reset domain zones.
  • Press 1 then 'Enter'.
  • When done, you will receive a message: "Done! Zones have been reset".
  • After resetting the domain zones, the program will return to the main menu.
  • Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#7 vanos


Posted 06 February 2008 - 10:37 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/06/2008 at 10:29 AM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 01:10:11

Memory items scanned : 172
Memory threats detected : 0
Registry items scanned : 7107
Registry threats detected : 0
File items scanned : 84580
File threats detected : 0

#8 quietman7


Posted 06 February 2008 - 10:57 AM

Any more signs of doginhispen, B.skitodayplease?

#9 vanos


Posted 06 February 2008 - 11:04 AM

I just looked in my browser history and they were still showing (B.skitodayplease and 88.80.7.66). No sign of a.doginhispen.

#10 quietman7


Posted 06 February 2008 - 11:10 AM

As of late the history has been stubborn after running the fix tool.

"Clear your browser history" again, then Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#11 vanos


Posted 06 February 2008 - 11:22 AM

Thanks! You are awesome! Am I done now?

#12 quietman7


Posted 06 February 2008 - 11:26 AM

If there are no more signs of infection you should be ok but this is persistent malware and has been known to return. I still would recommend performing a full system scan with your anti-virus first chance you get.

#13 vanos


Posted 06 February 2008 - 09:13 PM

OK, I thought it was gone. Ran a full system scan with Norton (nothing found), re-ran ATF Cleaner, ran another scan with SUPERAntiSpyware (nothing found), created a new restore point and deleted previous ones, restarted, then opened Internet Explorer and lo and behold they were back! (88.80.7.66, a.doginhispen, and B.skitodayplease). WHAT NOW?? Looks like there are a lot of other folks jumping on the forum with the same problems. I just re-ran AWF and here is the log:

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Wed 02/06/2008
The current time is: 21:08:54.17


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#14 Orange Blossom


Posted 09 February 2008 - 03:35 PM

Hello Vanos,

I've checked with some malware experts and they said that they see no signs of infection in the AWF log, so they have suggested that you post an HJT log in the HJT forum. When you do, please include a link to this topic. Also, please post the link to the HJT topic as a reply to this thread when you have done so.

Please skip to step 9 in this guide. Make sure to create a folder for HijackThis; don't run it from a temp folder.

Create a new topic in this forum, not here, and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve them, and what worked and didn't work, and paste in your HJT log. Include the link to this thread.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Again, when you have posted the log, please add a reply to this thread and include the link to your new thread.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



