[laz]

This is our first posting. We need help removing a.doginhispen from my daughter's laptop. The laptop is critical for her for school. Please help. I am not sure how the posting work yet, I am new to this.
Thanks

[Jason]

Thread moved to correct forum.

Please follow the instructions in this thread here, and then post the requested logs.

A member of the 'Security Team' will be along shortly to tend to you hereafter.

Regards Jason

[laz]

I must tell your quick reply makes a person no longer feel alone. I was lost and did not know how take care of this problem I have (and it is for someone extremely important to me, my daughter). Now I feel like I have a life line.

Also I am a big fan of Einstein and agree with the quote

right after saving the file in step 2 of FindAWF.exe I got a firewall error saying a configuration was changed. What do I do?

[Howard]

Hello and welcome to

When you get the firewall error, does it give you any options on how to proceed?

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

it gave me a error saying that the setting were changed
did I want to allow the changes or canel and go back to the orignial settings
i allowed the chages and moved on
is that ok?

Step 4 states that it will remove all entries fom internet zone trusted zone and restricted zone for IE. Should I allow this? Can I exist and check if I have restricted zone and copy them done for entry later?

[Howard]

Yes that`s fine mate.

Yes, you should allow awf to reset your trusted zone entries.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

FindAWF log is clean

This is the log from Crusty exe (HijackThis)

What do I do now? Restart?

[Howard]

Your system is still showing signs of infection. Please do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint.
WinBudget

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders(if there).

C:\Program Files\Viewpoint<<Delete the entire folder.
C:\Program Files\WinBudget<<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Post the Combofix log as well as a fresh HJT log.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

Howard .....
I thought I was almost done, but I got an error
"you can not remane ComboFix to ComboFix - Please use another name"
when trying to run ConboFix exe. I have attached a print screen in a word doc.

What do I do?

Thx ..... Laz

i forgot the attachment

The attachment must be too big. It did not attach

[Howard]

What exactly were you doing when you got the error?

From your post it looks like you were trying to rename Combofix, is this correct? If so, you shouldn`t rename Combofix. Just run it as per the instructions.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

i downloaded the exe file to my desktop
double clicked the file
and got the error I was doing nothing else

I did though first click the "run" instead of "save button when attempting to download the exe file, but as it started I hit "cancel"

[Howard]

Ok, delete your present version of Combofix and redownload it as per the instructions. make sure you save the file to you desktop.

Then, try running it.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

i clicked on the link in your posting for combofix exe and saved it on the desktop. i double clicked the exe it starts and then i get the same error

"you can not remane ComboFix to ComboFix - Please use another name"

[Howard]

Ok, no problem, this sometimes happens. Therefore we`ll use another programme to check your computer. Delete Combofix, then do the following.

Download Deckard's System Scanner and save it to your desktop. Note: You must be logged onto an account with administrator privileges. Save all your work and close all opened programs. Double click on dss.exe to run it. Follow the prompts. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized. Please post the contents of the 2 log files in your next reply.

Post the two DSS logs as well as a fresh HJT log.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

Howard .....
Attached are the logs; 2 dss logs and a fresh HJT log.
Let me know what you think, what you find.
Thanks so much,
Laz

[Howard]

Your HJT log is now clean. However, it appears you`re not running any antivirus or firewall software, which is a huge security risk. Please see this thread HERE for free recommended security software.

Your DSS logs, also appear to be clean. Unless you`re still having problems, you should be good to go.

If you`re not having any further problems, please do the following.

Delete DSS and the AWF tool.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have no further questions could you please mark this topic Solved by going to the top of this thread and click Thread tools, then select Mark this thread as solved As seen in the image below:

If you need this thread re-opened please contact a moderator or PM me.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

Howard .....
Thanks so much for your help!!!!

With regard to the software firewall. Up to last month the PC that was infected had Norton Internet Security which included anitvirus and firewall protection. This was part of a software package with the purchase of the laptop. This month I purchased and installed Norton AntiVirus which offers virus prevention and update for a year but not the firewall. So I intalled the Norton AV and activated the Windows firewall.

What is the right course? Should I purchase and reinstall Norton Internet Security? But I also looked the listing of programs that will keep our system secure. (We now have a network including wireless point with 2PC (maybe soon 3) and 2 laptops.) Which programs in your list would you recommend we use?

Separately. I remember reading in one of your posting "we are all in God's hands". I think without even realizing I was praying to God, not knowing who I could go to to get help, saying to myself, Who can I ask? And He directed me to you and Jason. I agree with you we are all in God's hands.

[Howard]

Personally, I wouldn`t touch Norton with a barge pole.

Not only is it a complete system resource hog, but it`s not very good at killing malware either. The free security software I recommended is far better, won`t slow your system as much and isn`t as temperamental as Symantec/Norton crapware.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[laz]

ok!!! I will listen!!! I will do away with norton.
but please if you can make a further suggestion with regard to which programs I should use out of your overall list.

AVG free or Avast antivirus programmes.
Zonealarm, Kerio or Comodo free firewall programmes.
Spybot Search & Destroy.
Ad-Aware se personal.
Spyware Blaster.
AVG Antispyware.
Ccleaner.
FireTrust SiteHound.

Thanks again
Laz

[Howard]

No problem.

I recommend for antivirus, either AVG free or Avast.

For Firewall software, I recommend either Zonealarm or Comodo.

Spyware Blaster/SS&D/AdAware2007/AVG Antispyware are all good programmes you may want to have.

Checkout our Ad-Aware2007 guide HERE.

Regards Howard

This thread is for the use of laz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.