help, another whataboutadog problem

Status
Not open for further replies.
Hello, this is my first time. When I try to connect to the internet, my PC just sits there. I checked my log files for Norton and there were connections for whataboutadog and doginhispen. I blocked those IP sites and when I did a search on whataboutadog, I found myself at this site. I realized that others were having the same problem. Log files are attached.
 
Double-click FindAWF.exe to start the tool. Then, do the following:
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.
28172 Oct 5 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
28172 Oct 5 2007 "C:\Program Files\QuickTime\qttask.exe"
98304 May 8 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
28172 Oct 5 2007 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 13 2003 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
28172 Oct 5 2007 "C:\Program Files\Dell\Media Experience\PCMService.exe"
204800 Aug 26 2003 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
19889568 Sep 26 2006 "C:\GoogleSketchUpWEN.exe"
52272 Feb 10 2007 "C:\Program Files\Google\googletoolbar3user.exe"
28172 Oct 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 10 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
28172 Oct 5 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 12 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28172 Oct 5 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
90112 Aug 14 2002 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
114741 Aug 6 2003 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
28172 Oct 5 2007 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
28672 Jul 16 2002 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
28172 Oct 5 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Dec 30 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
28172 Oct 5 2007 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
28172 Oct 5 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb03.exe"
200704 Jun 12 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb03.exe"

Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.





This thread is for the use of bbaltoss only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Please double-click the FindAWF icon once again
This time we are going to remove some folders.


Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:
C:\Program Files\DellSupport\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\SYSTEM32\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak
C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Sonic\Update Manager\bak
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log



 
Sorry, I must have missed one.
Please double-click the FindAWF icon once again.

Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.



 
Your system was infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

Running FindAWF allows us to identify the files that are infected, as well as the backups and then restore the files.


To finish, run Option 4.

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones.


When the program returns to the main menu, use the following option:
Press E then Enter to EXIT.

Once done, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


Also, let me know the results of the Panda Antirootkit scan.


This thread is for the use of bbaltoss only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
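The replace-and-move-to-bak behaviour described in the last post can be checked mechanically from a listing in the layout pasted earlier in the thread. The following is an added example, not part of the thread and not FindAWF's own code; the ExampleApp and extool paths are constructed, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample in the 'size date "path"' layout of the listing above;
# the ExampleApp/extool paths are hypothetical.
SAMPLE = r'''
28172 Oct 5 2007 "C:\Program Files\ExampleApp\tray.exe"
98304 May 8 2007 "C:\Program Files\ExampleApp\bak\tray.exe"
28172 Oct 5 2007 "C:\WINDOWS\SYSTEM32\exsentry.exe"
28672 Aug 13 2003 "C:\WINDOWS\SYSTEM32\bak\exsentry.exe"
114741 Aug 6 2003 "C:\WINDOWS\SYSTEM32\extool\bak\ctrl.exe"
52272 Feb 10 2007 "C:\Program Files\ExampleApp\helper.exe"
'''

LINE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')

def parse_listing(text):
    """Return {lowercased path: (size, date, original path)}."""
    entries = {}
    for m in filter(None, map(LINE.match, text.splitlines())):
        entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries

def pair_bak_files(entries):
    """Match each file in a bak folder with the file now at its original location."""
    pairs, orphans = [], []
    for bak_size, _, bak_path in entries.values():
        folder, name = ntpath.split(bak_path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a moved original
        live = entries.get(ntpath.join(ntpath.dirname(folder), name).lower())
        if live:
            pairs.append((live[2], live[0], bak_path, bak_size))
        else:
            orphans.append(bak_path)  # backup present, live file not listed
    return pairs, orphans

def shared_replacement_size(pairs):
    """Size shared by every live file that has a bak copy, or None if they differ."""
    sizes = {live_size for _, live_size, _, _ in pairs}
    return sizes.pop() if len(sizes) == 1 else None

if __name__ == "__main__":
    pairs, orphans = pair_bak_files(parse_listing(SAMPLE))
    print("shared live-file size:", shared_replacement_size(pairs))
    for row in pairs:
        print("live %s (%d B) <- bak %s (%d B)" % row)
    print("bak copies with no listed live file:", orphans)
```

A single size shared by many unrelated executables that each have a differently sized copy in a sibling bak folder is the pattern to look for; bak copies without a listed live file need a manual look before any bak folder is removed.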
 