
Adoginhispen Virus... Log Included


  • This topic is locked

#1 lanean


Posted 06 February 2008 - 12:22 AM

I need help getting rid of this Adoginhispen virus... not sure what I need to do. I did run AWF option 1, since that is what most seem to need to do. Any help is greatly appreciated.


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Tue 02/05/2008
The current time is: 21:14:55.18


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLAI~1\BAK

05/02/2003 04:46 PM 270,336 dlbkbmgr.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/01/2006 03:57 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/03/2004 11:56 PM 15,360 ctfmon.exe
08/13/2003 08:27 AM 28,672 DSentry.exe
09/20/2005 08:32 AM 77,824 hkcmd.exe
01/06/2006 08:35 PM 622,592 hphmon06.exe
09/20/2005 08:36 AM 114,688 igfxpers.exe
09/20/2005 08:35 AM 94,208 igfxtray.exe
6 File(s) 953,344 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

08/26/2003 05:47 PM 204,800 PCMService.exe
1 File(s) 204,800 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

09/13/2004 03:49 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HP\{BA2D9~1\BAK

01/06/2006 08:35 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK

09/03/2003 06:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

06/16/2004 11:33 PM 98,304 MskAgent.exe
08/03/2004 06:18 PM 1,083,392 MskDetct.exe
2 File(s) 1,181,696 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

09/22/2005 06:29 PM 303,104 mcagent.exe
01/11/2006 12:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\MPS\BAK

09/28/2004 03:02 PM 249,856 mscifapp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

11/11/2005 04:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

07/08/2005 06:18 PM 151,552 mcmnhdlr.exe
08/10/2005 12:49 PM 163,840 mcvsshld.exe
08/11/2005 10:02 PM 53,248 oasclnt.exe
3 File(s) 368,640 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

01/17/2006 01:03 PM 135,168 mm_tray.exe
01/17/2006 01:03 PM 53,248 mmtask.exe
2 File(s) 188,416 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

03/27/2007 02:22 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/05/2003 11:04 PM 114,741 tfswctrl.exe
1 File(s) 114,741 bytes

Directory of C:\PROGRA~1\COMMON~1\DELL\EUSW\BAK

10/13/2005 10:26 PM 69,632 Support.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

12/05/2003 08:08 PM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

05/06/2007 03:42 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

08/18/2003 11:01 PM 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\BAK

08/14/2000 03:48 PM 32,768 Hpi_Monitor.exe
1 File(s) 32,768 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

01/06/2006 08:35 PM 172,032 hpztsb13.exe
1 File(s) 172,032 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Jan 28 2008 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
270336 May 2 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 13 2003 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
114688 Apr 6 2003 "C:\DRIVERS\VIDEO\HKCMD.EXE"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
114688 Apr 6 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\hkcmd.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\hphmon06.exe"
622592 Jan 6 2006 "C:\WINDOWS\SYSTEM32\bak\hphmon06.exe"
622592 Jan 6 2006 "C:\Documents and Settings\Kris\Local Settings\Temp\photosmart6.2\enu\non_net\enu\HPHmon06.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\igfxpers.exe"
114688 Sep 20 2005 "C:\WINDOWS\SYSTEM32\bak\igfxpers.exe"
155648 Apr 6 2003 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
94208 Sep 20 2005 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Apr 6 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\igfxtray.exe"
14348 Jan 28 2008 "C:\Program Files\Dell\Media Experience\PCMService.exe"
204800 Aug 26 2003 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
14348 Jan 28 2008 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
14348 Jan 28 2008 "C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe"
49152 Jan 6 2006 "C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\bak\hphupd06.exe"
49152 Jan 6 2006 "C:\Documents and Settings\Kris\Local Settings\Temp\photosmart6.2\enu\non_net\Patch\Uninst\HPHupd06.exe"
14348 Jan 28 2008 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee\SpamKiller\MskDetct.exe"
1083392 Aug 3 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskDetct.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\MPS\mscifapp.exe"
249856 Sep 28 2004 "C:\Program Files\McAfee.com\MPS\bak\mscifapp.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
151552 Jul 8 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
163840 Aug 10 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
53248 Aug 11 2005 "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
14348 Jan 28 2008 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
53248 Jan 17 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
14348 Jan 28 2008 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
110592 Apr 16 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
135168 Jan 17 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
14348 Jan 28 2008 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
114741 Aug 5 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
114741 Aug 5 2003 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
77824 May 27 2004 "C:\Program Files\Dell\Support\bin\Support.exe"
69632 Oct 13 2005 "C:\Program Files\Common Files\Dell\EUSW\bak\Support.exe"
323584 May 27 2004 "C:\Documents and Settings\All Users\Application Data\Dell\Alert\491\Support.exe"
69632 Oct 13 2005 "C:\Documents and Settings\All Users\Application Data\Dell\Alert\588\Support.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Dec 5 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 May 6 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 18 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
14348 Jan 28 2008 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
32768 Aug 14 2000 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\bak\Hpi_Monitor.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb13.exe"
172032 Jan 6 2006 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb13.exe"


end of report


#2 boopme


Posted 08 February 2008 - 10:19 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.