
Help Removing 88.80.7.66, A.doginhispen, B.skitodayplease


17 replies to this topic

#1 DisasterPiece

  • Members
  • 7 posts

Posted 05 February 2008 - 07:45 PM

Hello,

I am having the same problem that many other people here have had. I have 88.80.7.66, A.doginhispen, B.skitodayplease in my Temporary Internet Files folder and in my History. I was wondering if I could get help just like this person got. I see that QuietMan7 gave step by step instructions and it seems like they were helpful. I have downloaded FindAWF.exe. I do not want to take the same steps that were given to the other person who has had this problem because it might do different things. Also, it seems that 88.80.7.66, A.doginhispen, B.skitodayplease are giving me a hard time with AOL. It may have stolen my password because now I cannot go on AOL. Help ASAP would be GREATLY appreciated.

MOD EDIT: Fixed link in "this person" so it linked to post (removed extra "http://" to make it work) ~ stevealmighty

Edited by stevealmighty, 05 February 2008 - 07:51 PM.




#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,911 posts
  • Location:Bloomington, IN

Posted 06 February 2008 - 12:59 AM

Hello DisasterPiece and welcome to BC :flowers:

That is very wise of you to choose to wait for directions rather than following someone else's cleaning instructions. If you are concerned about the passwords, go to another computer that is not infected and change them there.

For the first step, you will do the same thing as the others, but from that point it will change and I will have someone more experienced than I take over at that point:

You have a difficult infection to get rid of. It is related to downloader.awf and it replaces many legitimate files with bad ones. The good ones are put into backup files. The bad ones are put where the good ones should be and when you run the programs, the malware runs instead. For the first step,

Download FindAWF.exe by noahdfear and save to your desktop.
  • Double-click on FindAWF.exe to start.
  • If a "Security Alert" shows, allow the program to run.
  • A command prompt will open and ask you to "Press any key to continue...".
  • You will be presented with a Menu.
  • Press 1 then 'Enter' to scan for bak folders
  • When complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop.
  • Copy and paste the contents of the awf.txt file in your next reply.
Also you should read "How can I clear browser history? IE, Firefox, Mozilla, Netscape, Opera".

In addition to the log, please tell us what operating system you have: Windows XP, Vista etc.

(Thanks quietman7)

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 DisasterPiece


Posted 06 February 2008 - 03:40 PM

Hello and thank you for welcoming me,

I have Windows XP. Also, I am having a cookie called TribalFusion.com always go into my cookies folder, and it goes into that folder every time I open Firefox or IE. I don't know if that has anything to do with it, but I thought it was worth mentioning.

I ran the program that you recommended and here are my results:



Find AWF report by noahdfear 2006
Version 1.40

The current date is: Wed 02/06/2008
The current time is: 15:35:12.03


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

02/08/2006 10:37 AM 2,875,904 Cyb2k.exe
1 File(s) 2,875,904 bytes

Directory of C:\PROGRA~1\DIGITA~1\BAK

11/15/2004 05:04 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WINDOW~3\BAK

10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 11:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 02:00 PM 15,360 ctfmon.exe
07/09/2001 10:50 AM 155,648 NeroCheck.exe
2 File(s) 171,008 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

11/02/2004 10:24 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

08/12/2005 04:16 PM 1,121,792 MSKDetct.exe
1 File(s) 1,121,792 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/03/2007 10:33 PM 582,992 mcagent.exe
1 File(s) 582,992 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

04/05/2004 04:33 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/26/2007 03:41 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\V-STREAM\PVRPLU~1\TVR\BAK

03/03/2004 09:33 PM 729,600 Scheduled.exe
1 File(s) 729,600 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\113065~1\EE\BAK

09/25/2006 07:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14860 Feb 4 2008 "C:\WINDOWS\Cyb2k.exe"
2875904 Feb 8 2006 "C:\WINDOWS\bak\Cyb2k.exe"
14860 Feb 4 2008 "C:\Program Files\Digital Media Reader\shwiconem.exe"
135168 Nov 15 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe1683872675"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Feb 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14860 Feb 4 2008 "C:\Program Files\QuickTime\QTTask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
14860 Feb 4 2008 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14860 Feb 4 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14860 Feb 4 2008 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
14860 Feb 4 2008 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
14860 Feb 4 2008 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
14860 Feb 4 2008 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
14860 Feb 4 2008 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Jan 26 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
14860 Feb 4 2008 "C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe"
729600 Mar 3 2004 "C:\Program Files\V-Stream\PVR Plus\TVR\bak\Scheduled.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\AOL\1130652600\EE\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1130652600\EE\bak\AOLSoftware.exe"


end of report

Edited by DisasterPiece, 06 February 2008 - 03:51 PM.
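Added example (not part of the original thread and not FindAWF's own code): a Python script that reads the "Duplicate files of bak directory contents" section of a report like the one above and pairs each bak copy with the file in its parent folder, which is how the replaced programs stand out. The function names and the size-only comparison are assumptions made for illustration; the embedded lines are a subset of the report in this post.

```python
import ntpath
import re
from collections import Counter

# Subset of the "Duplicate files of bak directory contents" lines from the
# report in this post, copied unchanged.
REPORT = r"""
14860 Feb 4 2008 "C:\WINDOWS\Cyb2k.exe"
2875904 Feb 8 2006 "C:\WINDOWS\bak\Cyb2k.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe1683872675"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14860 Feb 4 2008 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\AOL\1130652600\EE\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1130652600\EE\bak\AOLSoftware.exe"
"""

# size, "Mon D YYYY", quoted path
LINE = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse(report):
    """Map lowercased path -> (size, date, path) for every listed file."""
    files = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            files[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return files


def live_path(bak_path):
    """Path the file would have in the folder that contains the bak folder."""
    parent = ntpath.dirname(ntpath.dirname(bak_path))
    return ntpath.join(parent, ntpath.basename(bak_path))


def classify(report):
    """Return (bak_path, status) for each file that sits in a bak folder.

    replaced: parent-folder file is listed but its size differs
    intact:   parent-folder file is listed with the same size (size only)
    missing:  the report lists no file of that name in the parent folder
    """
    files = parse(report)
    results = []
    for size, _date, path in files.values():
        if ntpath.basename(ntpath.dirname(path)).lower() != "bak":
            continue
        live = files.get(live_path(path).lower())
        if live is None:
            status = "missing"
        elif live[0] != size:
            status = "replaced"
        else:
            status = "intact"
        results.append((path, status))
    return results


def common_replacement_size(report):
    """(size, count) shared by the most replaced parent-folder files, or None."""
    files = parse(report)
    sizes = Counter(
        files[live_path(p).lower()][0]
        for p, status in classify(report)
        if status == "replaced"
    )
    return sizes.most_common(1)[0] if sizes else None


if __name__ == "__main__":
    for bak_path, status in classify(REPORT):
        print(f"{status:9} {bak_path}")
    print("most common replacement size:", common_replacement_size(REPORT))
```

A matching size does not prove the parent-folder file is the original; a hash comparison against the bak copy would be the stronger check.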


#4 Orange Blossom


Posted 06 February 2008 - 10:30 PM

Good job Disasterpiece,

I'm going to contact someone with more experience to take over this thread. Please be patient and await his/her reply as he/she is not online right now.

Orange Blossom :thumbsup:

#5 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 February 2008 - 11:30 AM

Hello DisasterPiece,


I am SifuMike and I will be helping you remove the AWF infection. :thumbsup:

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\WINDOWS\bak\Cyb2k.exe"
"C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\NeroCheck.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\V-Stream\PVR Plus\TVR\bak\Scheduled.exe"
"C:\Program Files\Common Files\AOL\1130652600\EE\bak\AOLSoftware.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 DisasterPiece


Posted 09 February 2008 - 01:16 PM

Hello SifuMike,

Thank you for your reply. I have done what you have recommended and here is my new log:


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Sat 02/09/2008
The current time is: 13:09:57.01


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

02/08/2006 10:37 AM 2,875,904 Cyb2k.exe
1 File(s) 2,875,904 bytes

Directory of C:\PROGRA~1\DIGITA~1\BAK

11/15/2004 05:04 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 12:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\WINDOW~3\BAK

10/18/2006 08:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 11:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 02:00 PM 15,360 ctfmon.exe
07/09/2001 10:50 AM 155,648 NeroCheck.exe
2 File(s) 171,008 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

11/02/2004 10:24 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

08/12/2005 04:16 PM 1,121,792 MSKDetct.exe
1 File(s) 1,121,792 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/03/2007 10:33 PM 582,992 mcagent.exe
1 File(s) 582,992 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

04/05/2004 04:33 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

01/26/2007 03:41 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\V-STREAM\PVRPLU~1\TVR\BAK

03/03/2004 09:33 PM 729,600 Scheduled.exe
1 File(s) 729,600 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\113065~1\EE\BAK

09/25/2006 07:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

2875904 Feb 8 2006 "C:\WINDOWS\Cyb2k.exe"
2875904 Feb 8 2006 "C:\WINDOWS\bak\Cyb2k.exe"
135168 Nov 15 2004 "C:\Program Files\Digital Media Reader\shwiconem.exe"
135168 Nov 15 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe1683872675"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Feb 5 2008 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
185896 Jan 26 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Jan 26 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
729600 Mar 3 2004 "C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe"
729600 Mar 3 2004 "C:\Program Files\V-Stream\PVR Plus\TVR\bak\Scheduled.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\AOL\1130652600\EE\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1130652600\EE\bak\AOLSoftware.exe"


end of report

#7 SifuMike


Posted 09 February 2008 - 01:58 PM

Hello DisasterPiece,

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer <==== Important



Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\WINDOWS\bak
C:\Program Files\Digital Media Reader\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Media Player\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\McAfee\SpamKiller\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\Pure Networks\Port Magic\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\V-Stream\PVR Plus\TVR\bak
C:\Program Files\Common Files\AOL\1130652600\EE\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply

#8 DisasterPiece


Posted 09 February 2008 - 05:26 PM

Hello and thank you once again,

I have done what you have recommended and here is my log:


Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Sat 02/09/2008
The current time is: 17:24:32.60


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\113065~1\EE\BAK

09/25/2006 07:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\AOL\1130652600\EE\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1130652600\EE\bak\AOLSoftware.exe"


end of report

#9 SifuMike


Posted 09 February 2008 - 06:26 PM

Hello DisasterPiece,

We need to remove one file. :thumbsup:

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Common Files\AOL\1130652600\EE\bak

  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
    C:\_OTMoveIt2\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt2 is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.


Download FindAWF:
http://noahdfear.geekstogo.com/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, the Find AWF report, is produced that we need to look at.
Please post it in your reply along with the OTMoveIt2 log.

#10 DisasterPiece


Posted 09 February 2008 - 07:26 PM

Hello and thanks again,

Here is my OTMoveIt2 Log:

C:\Program Files\Common Files\AOL\1130652600\EE\bak moved successfully.

OTMoveIt2 v1.0.19 log created on 02092008_192341





Here is my FindAWF Log:

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Sat 02/09/2008
The current time is: 19:26:23.98


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\_OTMOV~1\MOVEDF~1\020920~1\PROGRA~1\COMMON~1\AOL\113065~1\EE\BAK

09/25/2006 07:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
14860 Feb 4 2008 "C:\Program Files\Common Files\AOL\1130652600\EE\AOLSoftware.exe"
50736 Sep 25 2006 "C:\_OTMoveIt\MovedFiles\02092008_192341\Program Files\Common Files\AOL\1130652600\EE\bak\AOLSoftware.exe"


end of report

#11 SifuMike


Posted 09 February 2008 - 07:28 PM

Hello DisasterPiece,

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT


Open OTMoveIt and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present.
They are not needed anymore, so OTMoveIt will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.

Whataboutadog should be gone now. :thumbsup:
Please tell me how your computer is running.

#12 DisasterPiece


Posted 09 February 2008 - 07:44 PM

My computer is running fine but there is still one problem. 3 Firefox documents keep coming up in my temporary internet files.
They are a.adoginhispen and b.skitodayplease. Every time I open Firefox, they appear. Should I uninstall Firefox and only use IE?

#13 SifuMike


Posted 09 February 2008 - 09:17 PM

Hello DisasterPiece,

Try this:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer <==== Important

Edited by SifuMike, 09 February 2008 - 09:18 PM.


#14 DisasterPiece


Posted 09 February 2008 - 10:37 PM

Hello,

Yeah I decided it might be safe to Uninstall FireFox.

My Computer is running great. Thank you for all of your help. Same to you Orange Blossom. I would have never been able to do what you told me to do by myself. I appreciate your quick replies. I will definitely use BleepingComputer whenever I need help. Thank you for all of your time.

Sincerely,

DisasterPiece

Edited by DisasterPiece, 09 February 2008 - 10:39 PM.


#15 SifuMike


Posted 09 February 2008 - 10:44 PM

Thank you for the kind words. It's always nice to hear that someone appreciates the help we are giving. :thumbsup: