dog in his pen removal help

Discussion in 'Malware Help (A Specialist Will Reply)' started by RonRJones, Feb 6, 2008.

  1. RonRJones

    RonRJones Private E-2

    Hello, I have recently encountered problems with my Internet Explorer, which will freeze upon opening and only resume after a substantial amount of time. Also, some programs like Windows Messenger and AIM stopped opening on startup and will no longer open. As of now Internet Explorer will not open. I think it is doginhispen because when I went to open one of the websites in my favorites folder the URL was doginhispen briefly before changing to the website I wanted to access. I have gone through the readme so hopefully I can get some help. Thanks.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's first do this:
    Download FindAWF and save the file to your Desktop

    Start FindAWF.exe
    Select option 2 by pressing 2 and then Enter. A text file will open (files.txt).
    In that files.txt, copy and paste the following list of files to be restored:
    Close the files.txt and click Yes to save the changes.
    FindAWF will now terminate the bad processes if running, delete the bad files and restore/replace them with the good files.
    Then it will open a log. Copy and paste the contents of that log in your next reply.
     
  3. RonRJones

    RonRJones Private E-2

    Thanks for the help,
    I ran awf and this is what it presented.

    bak folders found
    ~~~~~~~~~~~


    Directory of D:\WINDOWS\BAK

    07/12/2002 05:15 AM 106,496 SiSUSBrg.exe
    1 File(s) 106,496 bytes

    Directory of D:\PROGRA~1\DAEMON~1\BAK

    12/10/2005 09:57 AM 133,016 daemon.exe
    1 File(s) 133,016 bytes

    Directory of D:\PROGRA~1\MESSEN~1\BAK

    10/13/2004 11:24 AM 1,694,208 msmsgs.exe
    1 File(s) 1,694,208 bytes

    Directory of D:\PROGRA~1\QUICKT~1\BAK

    01/17/2006 08:08 PM 155,648 qttask.exe
    1 File(s) 155,648 bytes

    Directory of D:\PROGRA~1\TROJAN~1\BAK

    12/22/2006 12:48 PM 333,408 Trjscan.exe
    1 File(s) 333,408 bytes

    Directory of D:\PROGRA~1\BILLPS~1\WINPAT~1\BAK

    08/02/2007 11:59 AM 292,152 winpatrol.exe
    1 File(s) 292,152 bytes

    Directory of D:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

    08/21/2007 07:25 PM 68,856 GoogleToolbarNotifier.exe
    1 File(s) 68,856 bytes

    Directory of D:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK

    11/10/2005 01:03 PM 36,975 jusched.exe
    1 File(s) 36,975 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    106496 Jul 12 2002 "D:\WINDOWS\SiSUSBrg.exe"
    106496 Jul 12 2002 "D:\WINDOWS\bak\SiSUSBrg.exe"
    14860 Feb 4 2008 "D:\Program Files\DAEMON Tools\daemon.exe"
    133016 Dec 10 2005 "D:\Program Files\DAEMON Tools\bak\daemon.exe"
    14860 Feb 4 2008 "D:\Program Files\Messenger\msmsgs.exe"
    1667584 Aug 4 2004 "D:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
    1694208 Oct 13 2004 "D:\Program Files\Messenger\bak\msmsgs.exe"
    1694208 Oct 13 2004 "D:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
    14860 Feb 4 2008 "D:\Program Files\QuickTime\qttask.exe"
    155648 Jan 17 2006 "D:\Program Files\QuickTime\bak\qttask.exe"
    14860 Feb 4 2008 "D:\Program Files\Trojan Remover\Trjscan.exe"
    333408 Dec 22 2006 "D:\Program Files\Trojan Remover\bak\Trjscan.exe"
    14860 Feb 4 2008 "D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
    292152 Aug 2 2007 "D:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
    52272 Jan 27 2007 "D:\Program Files\Google\googletoolbar3user.exe"
    14860 Feb 4 2008 "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    138168 Jan 27 2007 "D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    68856 Aug 21 2007 "D:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    144784 Dec 14 2007 "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    36975 Nov 10 2005 "D:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"


    end of report
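
Added example (not written by either poster and not part of FindAWF): a Python sketch that reads a "Duplicate files" listing in the format of the report above and picks out programs whose live copy differs from the copy kept in its bak folder while sharing one size and date with other replaced programs, the pattern visible in the 14860-byte Feb 4 2008 entries. The sample lines are an excerpt of that report; the function names and the two-or-more threshold are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the "Duplicate files" section of the report above.
SAMPLE = r'''
106496 Jul 12 2002 "D:\WINDOWS\SiSUSBrg.exe"
106496 Jul 12 2002 "D:\WINDOWS\bak\SiSUSBrg.exe"
14860 Feb 4 2008 "D:\Program Files\DAEMON Tools\daemon.exe"
133016 Dec 10 2005 "D:\Program Files\DAEMON Tools\bak\daemon.exe"
14860 Feb 4 2008 "D:\Program Files\QuickTime\qttask.exe"
155648 Jan 17 2006 "D:\Program Files\QuickTime\bak\qttask.exe"
144784 Dec 14 2007 "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
36975 Nov 10 2005 "D:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
'''

# size, "Mon D YYYY", quoted Windows path
LINE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')

def parse(text):
    """Return (size, date, path) for every listing line; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((int(m.group(1)), " ".join(m.group(2).split()), m.group(3)))
    return rows

def find_replaced(rows):
    """Return sorted (live_path, bak_path) pairs that look like stub replacements."""
    by_path = {path.lower(): (size, date, path) for size, date, path in rows}
    groups = defaultdict(list)  # (live size, live date) -> [(live, bak), ...]
    for size, date, path in rows:
        parent = ntpath.dirname(path)
        if ntpath.basename(parent).lower() != "bak":
            continue  # only bak copies start a comparison
        live_key = ntpath.join(ntpath.dirname(parent), ntpath.basename(path)).lower()
        live = by_path.get(live_key)
        if live is None or live[:2] == (size, date):
            continue  # no live copy listed, or live copy matches the bak copy
        groups[live[:2]].append((live[2], path))
    # Unrelated programs sharing one size and date point to a single stub file.
    return sorted(p for pairs in groups.values() if len(pairs) > 1 for p in pairs)

if __name__ == "__main__":
    for live, bak in find_replaced(parse(SAMPLE)):
        print(f"replaced: {live}\n  original kept at: {bak}")
```

SiSUSBrg.exe is not reported because its live and bak copies match, and jusched.exe is not reported because the listing has no live file beside that bak folder.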
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Start FindAWF, select Option 3, by pressing 3 and then enter.
    This will open the text file folders.txt
    Copy and paste the following list in it:

    D:\Program Files\DAEMON Tools\bak\daemon.exe
    D:\Program Files\Messenger\bak\msmsgs.exe
    D:\Program Files\QuickTime\bak\qttask.exe
    D:\Program Files\Trojan Remover\bak\Trjscan.exe
    D:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe
    D:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

    Then close folders.txt and let it save the changes.
    FindAWF will now remove the bak folders and open a log afterwards.
    Post the log in your next reply.

    Please download DelDomains and unzip it to your desktop. Do not run it yet.

    Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

    (Please note if you have Spybot S&D installed you will need to "Immunize" again because deldomains will remove all of the sites Spybot adds.)

    Next Download HostsXpert and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program

    Also attach a new MGLogs.zip
     
  5. RonRJones

    RonRJones Private E-2

    AVG popped up a couple of times saying that the files we used in option 2 of FindAWF were infected and "healed" them immediately. I ran FindAWF option 3; this is what it gave me:

    bak folders found
    ~~~~~~~~~~~


    Directory of D:\WINDOWS\BAK

    07/12/2002 05:15 AM 106,496 SiSUSBrg.exe
    1 File(s) 106,496 bytes

    Directory of D:\PROGRA~1\DAEMON~1\BAK

    12/10/2005 09:57 AM 133,016 daemon.exe
    1 File(s) 133,016 bytes

    Directory of D:\PROGRA~1\MESSEN~1\BAK

    10/13/2004 11:24 AM 1,694,208 msmsgs.exe
    1 File(s) 1,694,208 bytes

    Directory of D:\PROGRA~1\QUICKT~1\BAK

    01/17/2006 08:08 PM 155,648 qttask.exe
    1 File(s) 155,648 bytes

    Directory of D:\PROGRA~1\TROJAN~1\BAK

    12/22/2006 12:48 PM 333,408 Trjscan.exe
    1 File(s) 333,408 bytes

    Directory of D:\PROGRA~1\BILLPS~1\WINPAT~1\BAK

    08/02/2007 11:59 AM 292,152 winpatrol.exe
    1 File(s) 292,152 bytes

    Directory of D:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

    08/21/2007 07:25 PM 68,856 GoogleToolbarNotifier.exe
    1 File(s) 68,856 bytes

    Directory of D:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK

    11/10/2005 01:03 PM 36,975 jusched.exe
    1 File(s) 36,975 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    106496 Jul 12 2002 "D:\WINDOWS\SiSUSBrg.exe"
    106496 Jul 12 2002 "D:\WINDOWS\bak\SiSUSBrg.exe"
    14860 Feb 4 2008 "D:\Program Files\DAEMON Tools\daemon.exe"
    133016 Dec 10 2005 "D:\Program Files\DAEMON Tools\bak\daemon.exe"
    1667584 Aug 4 2004 "D:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
    1694208 Oct 13 2004 "D:\Program Files\Messenger\bak\msmsgs.exe"
    1694208 Oct 13 2004 "D:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
    155648 Jan 17 2006 "D:\Program Files\QuickTime\bak\qttask.exe"
    333408 Dec 22 2006 "D:\Program Files\Trojan Remover\bak\Trjscan.exe"
    292152 Aug 2 2007 "D:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
    52272 Jan 27 2007 "D:\Program Files\Google\googletoolbar3user.exe"
    138168 Jan 27 2007 "D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    68856 Aug 21 2007 "D:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    144784 Dec 14 2007 "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    36975 Nov 10 2005 "D:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"


    end of report
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 4 then Enter to reset domain zones

    This removes all entries from the domain zones.
    When the program returns to the main menu, use the following option:
    Press E then Enter to EXIT

    Tell me how things are running.
     
  7. RonRJones

    RonRJones Private E-2

    Everything is running a lot better. Internet Explorer works fine, as do the other programs that I was having trouble with.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet....If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
     
