DriveCleaner and WinAntiSpyware PopUps

hey guys,
I've completed steps 0-6B in the Read and Run Me First Thread.

When I ran Spybot it was unable to delete ALTNET (HKEY_LOCAL_MACHINE_SOFTWARE_ALTNET).

My main popup problems have been:

DriveCleaner
WinAntiSpyware (WinAntiVirus)
ads.gad-network

Attached are the first 3 files.

Thanks!
Leroy

 

here are the additional logfiles...

 

Using add/remove programs which can be accessed from the control panel, uninstall the following:

Did you intentionally install and do you use PartyPoker.net or PartyPokerNet if not then uninstall both of those. I am not positive but they probably ship with some low level adware which could cause some popups.

Have you intentionally set up the following proxy:

Download

- Pocket KillBox

Extract it to its own folder somewhere that you will be able to locate later.

IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

Do the above before continuing! Okay unplug your cable now.

Make sure you have rebooted in Normal Mode (do not open any other processes)

Copy the below bold text to notepad and save it as FixAltNet.reg on your desktop. Note the .reg extention, you will need to make sure the file type is set to All Files to save it properly.

Run HijackThis. Click the 'Do a system scan only' button.

Once the scan has completed click Config

Click Misc Tools

Click Open Process Manager

Terminate the following processes by selecting them from the list and clicking Kill Process (if they arn't there just move onto the next step.)

Click Back to return to the scan results

Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.


Doubleclick on the FixAltNet.reg file we saved on the desktop and click yes to allow it to merge with the registry.


Now run Pocket Killbox:

Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

REBOOT to Normal Mode.

Let me know how things are running now

Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.[/QUOTE]

 

hey Matt,
I completed all the steps in your reply, and have been surfing for about the last hour and no pop ups! thanks a lot man...

I do use Party Poker occassionally, but if I see the same popups again or something similar, I'll delete the program.

I had set up a proxy to try to get around a download timer on rapidshare but it didn't work so I don't need it anymore.

When I tried to run an activescan, the window that shows the scan results won't resize?? So I'm not able to see the button that saves the log. This happened the first time I tried, it worked the second time, but has not worked on subsequent tries. I'll try again later today and see if it works then.

Of the tools I downloaded (SpyBot, windows defender, windows malicious software remover) how often should I be running them?

I also noticed some additional tools on your recommended download page (ie. ZoneAlarm etc.) that I don't have yet, but will start using.

Thanks again for your help! Much appreciated.
Leroy

 

hey Matt,
the activescan worked this time, here's the log. I compared them to the old one and noticed that there were still some entries it looks like I didn't get rid of. Let me know if I need to be concerned.

Thanks,
Leroy

 

hey Matt,
Here are the new log files you'd asked for. I had installed Spywared Guard and Zone Alarm a few days ago. The previous patch you sent me seemed to work ie. a message confirmed that it had been merged with the registry.

Leroy

 

Sorry for the delay. I did post a reply but we had to do a database restore so it is no longer here.

Well the patch doesn't seem to have worked.

try this one.

Do the same as above and run it to merge with the registry.

If that doesn't work then we may have to take ownership of it and delete it manually. Unfortunatly unless you are familiar with the registry you need to run active scan again to check if its removed it. Can you run CCleaner before you do run the activescan again though to remove all the cookies.

 

If that doesn't work then we may have to take ownership of it and delete it manually.