Cleaned but Panda finds wintools searchexe

Welcome to Major Geeks!

I guess you started the procedure a number of days back. There is a new shorter and better version of the READ & RUN ME out now. You don't need to redo anything right now.

You only needed to run CounterSpy or AVG AntiSpyware not both and you did not need to run SuperAntispyware.

You missed attaching the below logs:

• CounterSpy or AVG Antispyware
• BitDefender
• PandaActive Scan

You also missed uninstall Viewpoint Media Player in step 0.
You also missed uninstall all but on antiviruse program in step 3. You have Norton and McAfee installed.
You also forgot to uninstall Java 2 Runtime Environment, SE v1.4.2 in step 6.

If Panda is only saying something about those items being in the registry but not telling you where, you don't need to worry about them because they are benign, insignificant, registry entries that will not cause any issues.

You do need to delete the below files though

Code:

"C:\WINDOWS\SYSTEM32\"
bsppdxvc.ini  Nov  8 2007      570952  "bsppdxvc.ini"
dkmspqew.ini  Nov  4 2007        1015  "dkmspqew.ini"
evoluhrx.ini  Jun  6 2007         535  "evoluhrx.ini"
fhfauknq.ini  Jun  6 2007         415  "fhfauknq.ini"
geyrnxxv.ini  Nov  7 2007      570592  "geyrnxxv.ini"
hsrakked.ini  Nov  6 2007      570410  "hsrakked.ini"
losyusun.ini  Nov  4 2007        1135  "losyusun.ini"
mcsjgwkf.ini  Jun  6 2007         715  "mcsjgwkf.ini"
midwkpvi.ini  Jun  6 2007         835  "midwkpvi.ini"
mkljhkgu.ini  Jun  6 2007         595  "mkljhkgu.ini"
nlupjrwc.ini  Nov  8 2007      570772  "nlupjrwc.ini"
otpdiodc.ini  Jun  8 2007         774  "otpdiodc.ini"
ovkvgyrl.ini  Jun  6 2007         655  "ovkvgyrl.ini"
oxnevplc.ini  Jun  6 2007         775  "oxnevplc.ini"
thcbgbek.ini  Jun  5 2007         535  "thcbgbek.ini"
vehijcep.ini  Apr  8 2007     1246581  "vehijcep.ini"
vkaoojut.ini  Jun  6 2007         835  "vkaoojut.ini"
wbrratbi.ini  Jun  5 2007         655  "wbrratbi.ini"

Let me know if you have any problem deleting these.

 

Try using the below to get rid of Norton.

Norton Removal Tool (SymNRT)

Those are exactly what I said, benign entries that you don't need to worry about.

 

Just some minor things. Some performance related.


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.

You can delete the below left overs from Symantec.

Code:

"C:\Documents and Settings\Deloris proctor\Local Settings\Temp\"
sym114.tmp    Dec  2 2007      170876  "Sym114.tmp"
symnrt~4.log  Dec  2 2007    13777124  "SymNRT 12-2-2007 21h15m30s.log"

If you are not having any other malware problems, it is time to do our final steps:

1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
2. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
3. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You're welcome.

When you ran Ccleaner in the READ & RUN ME, you did this.

There will be no conflict without Teatimer. You will note that in the How to protect thread Spybot is recommend to be installed.