Solved:whataboutadog.com - Help

Status
Not open for further replies.
J

Joeyg

Posts: 6   +0
Hello all,

While checking the Trusted Sites list I noticed a *b.whataboutadog.com ... not sure how or why this is there, but would truly appreciate your help.

Attached are my HijackThis logs.txt and the awf.txt. Any help in resolving this I do appreciate. New to your forum, but it looks like you all jump right into the problems and help everyone all.

Here are the attached logs:

View attachment hijackthisOct152007.txt

View attachment awf15OCT2007.txt

Thanks much,

Joeyg.
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.
C:\WINDOWS\bak\GWMDMpi.exe
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Creative\SBAudigy\Program\bak\ADGJDet.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb04.exe"
Click to expand...

Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

Regards Howard :wave: :wave:

This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
whataboutadog.com - Part 2

Hello Howard,

Thank-you for the welcome ... much appreciated. I can't over how "very fast, courteous and detailed your response is," even for a novice like me - very easy to understand and follow.

Here are the latest results of thw awt.txt after running the Del015Domains.inf program.

Also, I ran the HijackThis just before hearing from you again and that whataboutadog.com showed up in 015 Trusted Zones, but its not there now.
View attachment awf.txt

Let me know ... what to do next ... your response time is awesome!!!

I appreciate your help and time!!!

Joeyg.
 
Please double-click the FindAWF icon once again
This time we are going to remove some folders.


Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\WINDOWS\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Spybot - Search & Destroy\bak
C:\WINDOWS\system32\bak
C:\Program Files\Creative\SBAudigy\Program\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak
Click to expand...


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log

Regards Howard :)

This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
There`s one bak file that`s being stubborn, so we`re going to delete it manually.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

TeaTimer.exe

Close task manager.

Locate and delete the following bold files and/or directories(if there).


C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\bak<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Reinstall Spybot Search & Destroy.

Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Regards Howard :)

This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
whataboutadog - Part 4

Hello Howard,

It took a few mins, but I did as you requested ...

It didn't have the TeaTimer.exe listed under the Task Mgr;
however, I did locate the files and directory and deleted the
TeaTimer.exe file and the Search&destroy\bak (entire) folder

All in Safe Mode, rebooted and then reinstalled the Spybot
Search & Destroy program. Here are the results of running
the awf option 1.

View attachment awf.txt


Thanks much,

Joeyg.
 
The awf.txt is now clean.

Now, in the interests of making sure your system is clean, please do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Howard,

I'm back ... but fading quick ... have to be to work in 4 hours, so I need a little shuteye ... here is the results so far:

The Panda Antirootkit scan was fine about 5313 items checked - 0
problems detected. Here are the latest HijackThis log and the ComboFixLog.

If you don't mind I'll run the AVG Antispyware tonight and get back with you then on that last one ... let me know how these look...

View attachment 23521

View attachment 23522

Howard you have been great support and I'll have the final log to you later today ... let me know how these look.

Thank-you and have a "great day" my friend ...

Joeyg.

Howard,

Good morning or afternoon in your neck of the woods ...

Question in that last HijackThis log I posted ... is that
first line ok .. begginning with the RO ...about:blank???

Just checking...

Thank-you ... you have been FANtastic!!!

Joey g.
 
You didn`t attach an AVG Antispyware log.

The R0 entry is ok, but you can fix it if you want.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O1 - Hosts: 69.253.151.209 idenupdate.motorola.com

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111. MmVrT/iTunesSetup.exe

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) - https://owa.howardcc.edu/exchweb/controls/DAX.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab

Click on the fix checked button.

Close HJT and reboot your system.

Other than that, your HJT log is clean.

Your Combofix log looks fine.

Unless you`re having problems, you should be good to go.

If you`re not having problems, please do the following.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Joeyg only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
FANtastic ...

Howard,

You have been great ... I can't thank-you enough for your
"quick, professional and courteous response!"

Thank-you for taking a burden off my shoulders ...

Take care and enjoy your evening ...

Joey g.

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else, will be ignored.
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
480
eriksnyman1
E
Senius
What would my FPS be low with 4090?
Replies
1
Views
863
Nelson28
N
Cal Jeffrey
X/Twitter iPhone app adds passkey support for more secure logins
Replies
3
Views
177
Cal Jeffrey
Cal Jeffrey

Latest posts

Back