How do I reformat hard drive after spy mess?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ruthmcintosh2000, Jun 26, 2005.

  1. I've spent the last 3 weeks trying to get rid of spyware. Learned a lot from you guys in the last few days. (Did all the do-me-first stuff carefully, got rid of lots of problems.) Finally, I have Aurora Nail. NoAdware3 caught the Nail but can't afford to buy it today to see if it will clean it up.
    At this point I just want to stop fighting and reformat my 60g hard drive on PIII 450 with XP. I have nothing on it I want to keep; just want to start fresh. The hard drive has a c: and d: partition which I don't understand. Can you point me to some directions for how to reformat and should I keep the double partition or what?

    I will need to buy software to prevent more problems, and have the idea that Zone Alarm would be a better firewall than XP. I have Norton AV already. Learned from you guys to download tons of spyware scans also, I think. Any suggestions on what else to do as soon as the reformat is done? You guys are the neighbors I always wanted to have. Thanks for your wisdom and willingness to help. :rolleyes:
     
  2. bjgarrick MajorGeeks Admin - Malware Expert

    First, we can remove any infections you have, as we specialize in the removal of these pests. You do not have to buy any software to stay protected; we have threads of software that's 100% free that will keep you protected.

    If you want to, we can remove these pests with a little work, nothing to it!

    If you want to proceed with the removal, attach a current HJT log from normal mode.
     
  3. Thanks. I have been reading and printing instructions at my work computer each night, then doing them the next day on my angry computer at home. (It doesn't like to get on the net half the time.) I'll follow the instructions for making the HJT log next and get back to you with the results. Thanks. I just thought it might be faster to reformat since I may have messed stuff up already with all the working in the dark I did on it before I found you guys' great directions. (Some of the registry keys I was expecting weren't there, for instance.) Again, thanks, and I'll be back with you ASAP.
     
  4. bjgarrick MajorGeeks Admin - Malware Expert

    It would be quicker, but you would lose all data on your HDD. Removing it would be the best route; however, it's up to you.

    Will be awaiting results!
     
  5. Okay, you are forcing the truth out of me. My even older PC was slowing down so much and I didn't know what it was (months ago), so I did something that wiped it all out, I think I might have formatted it and then started to see a screen about partition and panicked and aborted it. So I already lost all the data on it. It was just family stuff anyway (I hope).

    So next I robbed it of memory and the CDRW and stuck them in the newer old PC I bought for $75. It had a 6g drive which was way too small. It got viruses and I couldn't get rid of them, so then I pulled the drive out (it has data I do want), and put the 60g drive from the older PC into the slightly newer one.
    That 60g is the one I was planning to reformat since I already wiped out all my data. Now I've even run spyware downloads on top of whatever might have been hidden beneath whatever the partitioning did to it.

    I know, I know, this is just what happens when somebody who doesn't know what they are doing has no money for repairs and keeps trying to figure things out without knowing there is something wonderful like MajorGeeks out there.

    I know I could buy a brand new unit, but no bucks is no bucks. I'm just finishing my second master's and am teaching freshman writing at a community college for peanuts while looking for a real job. So maybe I need to format the 60g, then put the 6g back in the other PC and clean up its viruses, so the kids can get online with it. (But I'm keeping the big monitor, they get the little one.) Yep, I am living The American Dream.
     
  6. bjgarrick MajorGeeks Admin - Malware Expert

    Okay, if you have no data on the drive then formatting is the best route. If you need any assistance in doing this just let us know!

    Good Luck!:)
     
  7. hypertextthinker Private E-2

    Hi, I'm back under a more anonymous user name. I think I'll try to repair the 60g hard drive before resorting to reformat since I have all your recommended spyware tools downloaded already.

    I don't think I'm supposed to attach the HJT log file, so I've copied it here:

    Inline log attached!

    Thanks for your help, again.
     


    Last edited by a moderator: Jun 26, 2005
  8. bjgarrick MajorGeeks Admin - Malware Expert

    From now on please post all logs as attachments to your post!

    Download the following file, after download is complete run the uninstaller. When uninstall is complete reboot and post a new HJT log.

    Download Uninstaller
     
  9. hypertextthinker Private E-2

    Getting rid of nasty nail at last!

    Here's the HJT log, attached as txt file. I had to regedit to restore some search settings I had told Spyguard to let change after running uninstaller, then HJT ran fine.
     


  10. bjgarrick MajorGeeks Admin - Malware Expert

    Your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. After we fix your current problems, you must get updated. You need to install Service Pack 2 for security purposes.


    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnrsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

    O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - D:\WINDOWS\aim.exe (file missing)
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Click Start > Run > type services.msc and Click OK

    Locate System Startup Service (SvcProc) and RightClick on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
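
The entries selected for fixing in the post above share a few textual markers: a target that HijackThis reports as `(no file)` or `(file missing)`, a service with `Unknown owner`, and R1 search values pointing at an unexpected host. As an added example that is not part of the original thread or any MajorGeeks tooling, this Python sketch triages log lines on those markers; the function names, the trusted-host set and the last two sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# First five lines are copied from the post above; the last two are constructed benign entries.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnrsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe (file missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.test/
O23 - Service: Example Updater (ExUpd) - Example Corp - D:\Program Files\Example\exupd.exe
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")

def host_of(value):
    """Return the host of a search URL; logged values may omit the scheme."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()

def triage(log_text, trusted_hosts):
    """Return (code, [reasons]) for each log entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blanks
        code, body = m["code"], m["body"]
        reasons = []
        if body.endswith(("(no file)", "(file missing)")):
            reasons.append("orphaned entry: referenced file is absent")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service reported with 'Unknown owner'")
        if code in ("R0", "R1") and " = " in body:
            host = host_of(body.split(" = ", 1)[1])
            if host and host not in trusted_hosts:
                reasons.append(f"IE search/start value points to {host}")
        if reasons:
            findings.append((code, reasons))
    return findings
```

A flagged line is a prompt for review, not a verdict: the trusted-host set has to reflect what the machine's owner actually configured.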
     
  11. hypertextthinker Private E-2

    Did it. Log attached.
     


  12. bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnrsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

    O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - D:\WINDOWS\aim.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.


    After you complete the above REBOOT, surf in to Windows Updates and get updated. You must install Service Pack 2 or else problems will keep coming back.

    After you install SP2, reboot and attach a fresh HJT log.
     
  13. hypertextthinker Private E-2

    You guys are greaaaat (sung to the tune of nanny nanny boo boo)

    Done. Only the second R1 line ended in about:blank but I deleted it anyway. And O23 won't go away, tried twice to remove it.

    I hope I didn't mess up. During the day I updated Win XP all the way, SP2 and all. Also installed Norton and GoBack. The machine has been running so well, it's like a new computer to me! I worship your creator! (Kiss your feet too.) When trial period is up, do I rely on SP2 to protect me, or is it a good idea to buy the ZoneAlarm if I don't want to have to be cleaning stuff up regularly? HJT attached.

    If this were Win Messenger I would wink you a dancing pig, I'm so happy.
     


  14. bjgarrick MajorGeeks Admin - Malware Expert

    I will give you a list of free programs for protection along with SP2.


    NOW:
    Click Start > Run > type services.msc and Click OK

    Locate AOL Instant Messanger (AIM) and RightClick on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply

    After you complete the above, Scan with HJT and have it fix the below entry if it still remains. It should be gone but just in case!

    O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - D:\WINDOWS\aim.exe (file missing)


    After you do the above steps, reboot and let me know if any problems remain.
     
