
Hello.



#31
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Checking out for the night. I have kiddies to get to school in the morn. Talk to you all then.
  • 0


#32
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. Let's see if we can move this thing. Please follow the steps below in order.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%SystemRoot%\system32\bfaeafefb.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> bfaeafefb -> %SystemRoot%\system32\bfaeafefb.dll
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &AOL Toolbar search -> Reg Error: Value  does not exist or could not be read.
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1124420374\EE\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1124420374\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1124420374\EE\AOLServiceHost.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL]
[Files/Folders - Created Within 30 days]
NY -> bfaeafefb.dll -> %SystemRoot%\System32\bfaeafefb.dll
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> bfaeafefb.dll -> %SystemRoot%\System32\bfaeafefb.dll
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #5

Post the following back here:
The Avenger report (c:\Avenger.txt)
The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
The new WinPFind35u scan log

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
  • 0
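
A way to confirm that the Winlogon\Notify entry and the DLL named in the fix above are really gone after the reboot, as an added example that is not part of OldTimer's post or of either tool. It assumes PowerShell 2.0 or later run as an administrator; the function name Get-NotifyPackage is hypothetical, and a DllName without a path is assumed to live in system32, as the one in this thread does.

```powershell
# Added example (not from the thread): audit Winlogon\Notify packages.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$sys32  = Join-Path $env:SystemRoot 'system32'

function Get-NotifyPackage {   # hypothetical helper name
    # Nothing to report if the Notify key is not present on this system.
    if (-not (Test-Path $notify)) { return }
    foreach ($key in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty -Path $key.PSPath).DllName
        if (-not $dll) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        # Assumption: a bare file name lives in system32.
        if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $sys32 $dll }
        # -Force so files marked hidden/system are still found.
        $file = Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue
        $company = $null
        $created = $null
        if ($file) {
            $company = $file.VersionInfo.CompanyName
            $created = $file.CreationTime
        }
        New-Object PSObject -Property @{
            Package = $key.PSChildName
            Dll     = $dll
            Exists  = [bool]$file
            Company = $company
            Created = $created
        }
    }
}

# Every package Winlogon will load; review blank Company values and recent dates.
Get-NotifyPackage |
    Select-Object Package, Dll, Exists, Company, Created |
    Format-Table -AutoSize

# The specific entry targeted by the fix in this thread.
$name     = 'bfaeafefb'
$keyLeft  = Test-Path (Join-Path $notify $name)
$fileLeft = Test-Path -LiteralPath (Join-Path $sys32 "$name.dll")
"Notify key present: $keyLeft; DLL present: $fileLeft"
```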

#33
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK. It will not let me run the Avenger program. Do I have to be in safe mode? The program looks like it launches but then I hear a windows ding ding and then the program closes.
  • 0

#34
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. Yeah, go ahead and try it in Safe Mode. See what happens.

Cheers.

OT
  • 0

#35
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK. Tried it out in safe mode logged in as the admin and it still did the same thing, just beeped and shut down.

After reviewing my thread I noticed I never stated when this problem started. My wife installed a Best Buy music service, I think it was rahpcity. After the installation a popup came up for "MALWARE CRUSH". I don't know how but it was installed on the computer, but when it got to the point of putting in personal info, card numbers and address, we stopped. By then the damage had already been done. I could not remove it. The only site that I could get to come up was "PCpitstop.com". I bought their adware bot program because the scan detected the malware crush program. It removed the malware crush and the malware crush program did not keep popping up every time you started the computer, however the problem still persisted. Then the time line that I put out to RiP started. I hope this helps. Thank you.

Jbolen
  • 0

#36
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. It looks like we will need to use Recovery Console to get rid of that file. First, print off these directions because the Internet will not be available while performing these steps.

Step #1

Boot to Recovery Console by following these steps:
  • Put the XP CD into the CD drive and reboot the system.
  • When asked to boot from the CD press the key shown on the screen.
  • When the Welcome to Setup screen shows, select R for Recovery Console

Step #2

Once the DOS prompt comes up type the following commands exactly as shown and press the Enter key after each one:
cd\windows\system32
attrib -s -h -r bfaeafefb.dll (note: there is a space between the -s, -h, -r, and the file name - don't type this note)
del bfaeafefb.dll
exit

Step #3

After typing exit the system should reboot. Do not boot from the CD this time. Boot back into Windows and follow the steps in the fix again.

Post all the results back here and I will review them when they come in.

Cheers.

OT
  • 0

#37
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
It might take a while. The computer that I have is from Gateway and had the software already installed. I'm sure that they sent a disk with the computer when we bought it, however we have moved twice within the past 1.5 years, first move was across country. I still have a couple of boxes to dig through. I will keep you posted. :)

Jbolen
  • 0

#38
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. If you can't find it but have a CD burner, our head TechGeek (Wannabe1) sent me the following (we're just getting everyone involved here :) ).

Download RC.ISO and burn it to a cd as an ISO image. You may need a burning toy like ISO Recorder to do this...be sure to get the version for the operating system you'll be creating the disk on.

Just download the .iso file, burn it and then boot with the CD.

Let me know if you have any questions.

Cheers.

OT
  • 0

#39
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks for that. I have found a Gateway Microsoft windows SP home edition system recovery cd/dvd. Is this the same thing? On the disk it is telling me that this disk is used to reinstall the OS and that all data would be erased. I'm thinking it should be the same thing as the regular Microsoft XP disk. I will be giving all this a shot in just a little bit, need to tuck the little monsters in their cave for the night.
  • 0

#40
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. No, if it's a System Recovery disk you don't want to run that unless you want to completely wipe the machine clean. It will erase anything currently on the machine. Just go with the download and burn that to a CD and use that instead.

Cheers.

OT
  • 0


#41
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK, thank goodness you told me, I just about started to use the recovery disk. I have no disks to burn to so I will have to go to the store tomorrow. Thanks OT and hopefully we can get this problem fixed soon.

Jbolen
  • 0

#42
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Any recommendations on a +R, -R, RW, or does it matter. It's been a while since I have burned CD's.
  • 0

#43
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. There would only be two types of CD's, either a standard CDR (Recordable) that can be written to once or a CDRW (ReWritable) which can be written to multiple times. I use CDRW's because I can write to them, use them, then erase them and write to them again. It's just more convenient than having a gazillion discs lying around with each only half full or less. It's simply a matter of preference.

Cheers.

OT
  • 0

#44
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK, on my way to the store. Thanks again OT.
  • 0

#45
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK I have burned the CD and am ready to proceed but I just have one last question. On step three when I have rebooted back into Windows normally, what do you mean "follow the steps in the fix again"? Just want to make sure I have this all down before I jump in. Thanks.
  • 0





