[pmizell]

I have been attempting to remove adoginhispen and I followed your advice to another user.

I tried to follow the instructions given to another user, but none of the files listed under HJT appeared.

Here is my HJT log:


Thanks for your help.

[Howard]

Hello and welcome to

Go HERE and follow the instructions exactly.

Post the requested log files as attachments once done.

Regards Howard

This thread is for the use of pmizell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[pmizell]

Here is the AWF log and the HJT log. I ran the entire "pre" malware programs, and then followed the AWF instructions. Can't get rid of teatimer. It was disabled when I ran AWF.

Thanks again.

[Howard]

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Double-click FindAWF.exe to start the tool. Then, do the following
Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

Quote:

"C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"

Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

Regards Howard

This thread is for the use of pmizell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[pmizell]

thanks

[Howard]

Please double-click the FindAWF icon once again
This time we are going to remove some folders.


Use the following option: Press 3 then Enter to remove bak folders


A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

Quote:

C:\Program Files\Spybot - Search & Destroy\bak

Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log

Regards Howard

This thread is for the use of pmizell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[pmizell]

Its still there.

[Howard]

Ok, no problem, please do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

crunchy.exe
TeaTimer.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} -

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/down.../OTOYAX29b.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders(if there).

C:\Documents and Settings\Dad\Desktop\crunchy.exe
C:\Program Files\Spybot - Search & Destroy\bak
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Reboot into normal mode and rehide your protected OS files.

Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Please post the Combofix log as well as a fresh HJT log and an awf.txt log after running option 1.

Regards Howard

This thread is for the use of pmizell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[pmizell]

Anything else I need to do? Thank you very much. If there is more for me to do, I may not reply for a while -- have to go get barbecue for our Superbowl party (big deal in the states!).

Thanks, I am glad I found this forum, and I am amazed that you volunteer to do this. I really appreciate it.

[Howard]

All clean mate.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have no further questions could you please mark this topic Solved by going to the top of this thread and click Thread tools, then select Mark this thread as solved As seen in the image below:

If you need this thread re-opened please contact a moderator or PM me.

If you have any further virus/spyware problems, please post in this thread.

Edit: I forgot to add, you will need to reinstall SS&D.

Regards Howard

This thread is for the use of pmizell only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.