Completed the R&RMF....

Discussion in 'Malware Help (A Specialist Will Reply)' started by krckatytx, Oct 18, 2006.

  1. krckatytx

    krckatytx Private E-2

    but still having issues with WinFixer, WinAntiVirus, ErrorSafe, etc. O/S is WinXP Pro 5.1.2600 and have Intel Pentium 4, 3GHZ Dell. When I ran the prescribed R&RMF scanning programs found the following:
    1) Ccleaner:detected and cleaned the various cookies etc.
    2) MS Malicious software found nothing
    3) Spybot found nothing
    4) MS Defender found UWA6P_0001_N91M1807NetInstaller.exe and supposedly fixed it.
    5) BitDefender results will be attached
    6) Panda Active scan attached (found WinFixer)
    Subsequently ran VundoFix which found nothing.

    THANKS FOR YOUR HELP!
     

    Attached Files:

  2. krckatytx

    krckatytx Private E-2

    Re: Completed the R&RMF....part2

    other files
     

    Attached Files:

  3. matt.chugg

    matt.chugg MajorGeek

    Using add/remove programs which can be accessed from the control panel, uninstall the following:




    Download

    - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)


    Run HijackThis. Click the 'Do a system scan only' button.

    Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     
  4. krckatytx

    krckatytx Private E-2

    Thanks so much for your response! I've taken all of your recommended steps and noticed that activescan turned up a few others. Haven't really spent much time yet on the internet to see if I still have issues. Uploading the files that you asked me to run again.
     

    Attached Files:

  5. matt.chugg

    matt.chugg MajorGeek

    Hmm... something didn't work properly there. Let's try again.

    Probably my fault ;) I missed a HJT line the first time, sorry.


    Run HijackThis. Click the 'Do a system scan only' button.


    Once the scan has completed click Config

    Click Misc Tools

    Click Open Process Manager

    Terminate the following processes by selecting them from the list and clicking Kill Process
    This may not be running but we need to check

    Click back to return to the scan results.

    Place a checkmark in the box next to the following lines:


    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     
  6. krckatytx

    krckatytx Private E-2

    Completed your recommended followup steps and happy to report that, thus far, no pop ups! I have attached the requested scan files. Activescan did turn up some spyware issues but they all look like cookies for the most part. In my C:\Windows folder, there are numerous folders that are in a dimmer font and all have prefix $NtUninstallB(then six digits)$. All of the folders seem to contain a spuinst - are these all just Windows service pack updates?

    Thanks again for your help!
     

    Attached Files:

  7. matt.chugg

    matt.chugg MajorGeek

    Yes! Each of the folders contains the uninstaller for a specific hotfix or update. Unless you are REALLY desperate for drive space or you know that you'll never need to uninstall an update, you should leave them there.

    Yes! All of the files in the activescan log are cookies. They are of no real consequence.

    You should fix the following lines with HJT

    Are you aware that you have PC Anywhere installed? This is remote access software, and if it is installed without your knowledge it could be a security risk.

    Other than the small issues above your logs look clean!

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and enable System Restore to create a new clean Restore Point.
    4. After doing the above, you should work thru the below link:
     
