| Hello and Welcome to Tech Support Team! Before you can start posting and answering questions, you'll have to register. Registration is fast, simple and absolutely free! Feel free to browse through existing questions by choosing the forum you want to visit below. | |
|
 | | 
6th March 2008, 05:26 AM
|  | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation:  | | | [SOLVED] Adoginhispen removal instructions. Final Step
I have been using your sticky to get this virus off my computer and I am now at the part where I am supposed to send you the logs of FindAWF and hijackthis. I don't know what all I was supposed to attach, so I just attached them all. I have labled them so that you will be able to tell which part they were all at. I will stay on for about 1 more hour if I don't get a reply. If I do, I will stay on as long as it takes. Thanks, and if you can't reply within an hour I understand and won't complain about it.  
Thanks again.
|
6th March 2008, 05:45 AM
|  | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Please download FindAWF by noadfear from one of the below links.
* Link 2
* Link 2
Save the file to the Desktop
Double-click the FindAWF icon.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: From the Keyboard Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.
When done, a text file, Find AWF report is produced.
Please add the Find AWF report in your reply. EDIT Uninstall either McAfee or AVG. Having two security suites is unnecessary and will just cause problems. |
6th March 2008, 05:51 AM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | |
Here is what you asked for, but I already sent this in the last post. Oh well, it didn't hurt to do it again lol.  EDIT: Ok, removing AVG
Last edited by virushater; 6th March 2008 at 05:53 AM.
|
6th March 2008, 05:55 AM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: From the Keyboard Press 2 then Enter to restore files from bak folders
A text file will open called: files.txt
Click below the line and paste the following list of files to be restored: Code: "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
"C:\Program Files\McAfee.com\Agent\bak\bak\mcupdate.exe"
"C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
"C:\Program Files\McAfee.com\Agent\bak\bak\mcupdate.exe"
Next, close the text file and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
* It attempts to terminate the process represented by each filename on the list, if running
* Deletes the rogue file from the parent folder, if present
* Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please add the new FindAWF log in your reply.
|
6th March 2008, 06:00 AM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
Here's the recent Find AWF log.
|
6th March 2008, 06:04 AM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: From the Keyboard Press 3 then Enter to remove bak folders
A text file will open called: folders.txt
Click below the line and paste the following list of folders to be removed: Code: C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
C:\PROGRA~1\MCAFEE.COM\AGENT\BAK\BAK
Next, close the text file and click Yes to save the changes.
Once folders.txt is saved, FindAWF does the following:
* It deletes the contents of the bak folders
* Removes the bak folders
When done with the above, it automatically runs a new scan and opens a new log.
Please add the new FindAWF log in your reply.
|
6th March 2008, 06:08 AM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
Here's the recent FindAWF log.
|
6th March 2008, 06:14 AM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Download OTMoveIt2 by OldTimer. - Save it to your desktop.
- Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: C:\PROGRA~1\MCAFEE.COM\AGENT\BAK\BAK
- Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
----------
Next post add the OTMoveIt log.
|
6th March 2008, 06:19 AM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
C:\PROGRA~1\MCAFEE.COM\AGENT\BAK\BAK moved successfully.
OTMoveIt2 v1.0.20 log created on 03062008_021726
|
6th March 2008, 06:20 AM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | | |
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones
This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
From the Keyboard press E then Enter to EXIT
Have you uninstalled either mcafee or avg?
|
6th March 2008, 06:22 AM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
yes, i uninstalled avg.
EDIT I have done what you told me to do in your last reply. |
6th March 2008, 06:26 AM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Please download Combofix by sUBs from one of the below links.
(Try all three if necessary) Important! Combofix.exe MUST be saved to and ran from the Desktop. - Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
- Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
- Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
- Double click combofix.exe & follow the prompts.
- From the keyboard select 1 and press Enter
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall- If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------
Run a new Hijackthis scan and post that log also.
---------- Next post add
Combofix log
NEW Hijackthis log |
6th March 2008, 06:36 AM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
Here are the ComboFix and the new hijackthis logs.
|
6th March 2008, 06:59 AM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...iInitialSetup1 .0.0.15-3.cab Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
----------
This scanner works with Internet Explorer only
Go to the BitDefender Online Scanner
Click I Agree to the license and then install the ActiveX control. Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.
Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.
Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report 
When the window comes up to save the report, change the Save as type: box to: Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save 
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us
Post the bdscan.txt in the next post.
---------- Create An Uninstall List- Start HijackThis
- Click on the Open the Misc Tools section
- Click on the Open Uninstall Manager button.
- Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
- Copy and paste that list in your reply.
---------- Next post
BitDefender scan log
Uninstall list |
6th March 2008, 08:21 AM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Ad-Ware Pro
Anonymizer SpyWare Killer + Privacy Manager
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
ATI Display Driver
AviSynth 2.5
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Digital Media Reader
Diner Dash
DivX Codec
DVD Solution
EA Link
Ease MIDI Converter 1.40
FATE
Final Fantasy VII
Form Fill (Windows Live Toolbar)
GameSpy Arcade
Gateway Game Console
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HyperCam 2
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 3
Lexmark 640 Series
LimeWire 4.12.11
Magic DVD Ripper V4.3.1
McAfee Uninstall Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Digital Image Starter Edition 2006
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MySpaceIM
Nero 6 Ultra Edition
Nero BurnRights
oggcodecs 0.71.0946
OneCare Advisor (Windows Live Toolbar)
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
RCA SMV Video Converter
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Rhapsody Player Engine
SCRABBLE
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Smart Menus (Windows Live Toolbar)
Soft Data Fax Modem with SmartCP
Spyware Doctor 5.1
SUPERAntiSpyware Free Edition
Tabbed Browsing (Windows Live Toolbar)
Tradewinds
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Videora iPod Converter 0.91
Viewpoint Media Player
VNC Free Edition 4.1.2
Wal-Mart Digital Photo Manager
WildTangent Web Driver
Windows Backup Utility
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
WinZip
WWII: Normandy
Yahoo! Music Jukebox
EDIT I'm gonna go to sleep now (4:28 am atm), I will come back as soon as possible to check this later on today. See you later.
Last edited by virushater; 6th March 2008 at 08:30 AM.
|
6th March 2008, 02:49 PM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Update your Mozilla Firefox Browser
Recently there have been vulnerabilities detected in older versions of Mozilla Firefox.
It is strongly suggested that you update to the current version. Mozilla Firefox 2.0.0.12
You can update it by clicking (in Firefox) Help > Check for updates...
----------  Your Java is out of date.
Older versions of Java have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version(s) of Java components and update. Step 1 - Get the new version- Go to the Sun Java Download Page
- On the Sun Java page scroll to the 4th download. Java Runtime Environment (JRE) 6 Update 5
 - Click the
 button and choose the options.- Platform Windows
- Language English
- Next place a check mark in the box to agree to the License Agreement.
- "I agree to the Java SE Runtime Environment 6 License Agreement"
- Click Continue
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u5-windowsi586-p.exe to install the newest version.
- Follow the prompts to complete the installation.
Step 2 - Remove old version(s)- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel > Add/Remove programs and remove all older versions of Java.
- Uninstall the old versions
- J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 3
- Do not remove Java 6 Update 5
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each old Java version.
- Restart your computer once all Java components are removed.
Step 3 - Remove old folder(s)
- Double click My Computer on the desktop, Locate this folder: C:\Program Files\Java
- Open the Java folder and delete any subfolders except the jre1.6.0_05 folder which was just created by the newest Java installation.
----------
Back in add/remove programs uninstall these programs. - Ad-Ware Pro
- oggcodecs 0.71.0946 <-We will replace this with K-Lite
- Viewpoint Media Player
- WildTangent Web Driver
Now run CCleaner and restart the computer.
----------
Install the K-Lite Codec Pack
----------
Post a fresh Hijackthis log
Let me know how the computer is now.
|
6th March 2008, 04:56 PM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
I'm having a problem downloading the file and Sun told me it may take 1 business day to get it straightened out. As soon as I can download it and finish the other steps in your last post, I will post the Hijackthis log and let you know how the computer is at that time.
|
6th March 2008, 05:09 PM
| | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation: | |
You might want to try the following for Java instead.
Go to your control panel and double click the Java applet. When it opens, click the update tab, followed by the update now button. See if that helps.
Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 5. Close Control panel.
Regards Howard |
6th March 2008, 05:33 PM
| | Newcomer | | Join Date: Mar 2008, 17 posts. Location: United States Reputation: | | |
That worked, and may I ask why I have to uninstall Ad-ware Pro?
EDIT I would also like to know, where exactly is CCleaner?
Last edited by virushater; 6th March 2008 at 05:40 PM.
|
6th March 2008, 07:15 PM
| | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation: | |
Go here scroll down and read the reviews. Don't confuse A d-Ware with A d-Aware
Go here to install and run CCleaner.
How is the computer now?
| | |  Only registered members can participate in forum threads. You must register or log in to contribute.
All times are GMT. The time now is 09:12 PM.
|
|
|
Submit Your Article 
Forum Rules 
FAQ 
About Us 
Main Menu
Contact Us