Dying here... anyone help

You ran Counter Spy but you told it to ignore a few of your problems. Run it again and make sure you have it fix all problems especially the below which you previously ignored:

iMesh Adware Bundler
Warez P2P Adware Bundler
My Search Bar

Attach a new log from CounterSpy.

Is CounterSpy the free trial version from the READ ME or is it a paid version?
Is Spyware Doctort a free trial version from or is it a paid version?

You did not install and run GetRunKey and ShowNew as instructed. You seem to have run them from inside the ZIP file. You must extract ALL files from the ZIP file and then run the .bat files from a Windows Explorer session as instructed. However do the below first!

Start by downloading a tools we will need - Pocket KillBox

Extract it to its own folder somewhere that you will be able to locate it later.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [bbouhvpzsy] C:\WINDOWS\System32\ujskffse.exe
O4 - HKLM\..\Run: [swhost] C:\WINDOWS\system32\swhost.exe
O4 - HKLM\..\Run: [gsADgcps] C:\WINDOWS\siqlvqb.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/167a65e4c9a38ba83014/netzip/RdxIE601.cab
After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\windows\downloaded program files\WinadX.inf
c:\windows\inf\satmat.inf
c:\windows\satmat.ini
C:\WINDOWS\System32\ujskffse.exe
C:\WINDOWS\system32\swhost.exe
C:\WINDOWS\siqlvqb.exe

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
If Killbox does not reboot just reboot your PC yourself.
Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

This error message is explained on the download pages for both ShowNew and GetRunKey. Please follow the directions there to fix this problem and attach new logs afterwards.

 

Then uninstall both of them now to avoid conflicts with Windows Defender and to avoid excessive use of system resources which will slow your PC down.

 

It will show in Add/Remove Programs as Sunbelt CounterSpy

We have a little more cleanup to do.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Mozilla Firefox (1.5.0.8)

Now install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox

Now you need to cleanup some of your Desktop clutter. It is not a good idea to keep things saved on your Desktop. If you need or just want to keep any of the below, move them to a appropriately named folder where you save downloads (i.e., C:\Downloads and then create subfolders in this downloads folder that are also named for each application you download and save the files there). This is safer way to store them and you will not forget what they are this way. Here are the items I'm referring to and 2 of them I question whether you knowing downloaded and installed:

Code:

"C:\Documents and Settings\Princess\Desktop\"
avg75f~1.exe  Nov 19 2006    17207032  "avg75free_428a818.exe"
ccsetu~1.exe  Nov 19 2006      452000  "ccsetup134_slim.exe"
counte~1.exe  Nov 19 2006    13846080  "counterspy.exe"
 
[B][COLOR=#800080]Is the below Remote Support System  Did you download  & install this?[/COLOR][/B]
dn_rss.exe    Nov 19 2006      331007  "dn_rss.exe"  
[COLOR=purple] 
[/COLOR]getrun~1.zip  Nov 19 2006       67311  "GetRunKey.zip"
hijack~1.zip  Nov 19 2006      212849  "hijackthis.zip"
jre-1_~1.exe  Nov 19 2006    16508560  "jre-1_5_0_09-windows-i586-p.exe"
killbo~1.exe  Nov 20 2006       92672  "killbox(2).exe"
norton~1.exe  Nov 19 2006      616080  "Norton_Removal_Tool.exe"
 
[B][COLOR=#800080]Is the below Remote Support System  Did you download  & install this?[/COLOR][/B]
rssins~1.exe  Nov 19 2006     6934808  "RSS Install.exe" 
 
[COLOR=purple][/COLOR]shownew.zip   Nov 19 2006       63421  "ShowNew.zip"
spybot~1.exe  Nov 19 2006     5037072  "spybotsd14.exe"
window~1.msi  Nov 19 2006     5186048  "WindowsDefender.msi"
xphome~1.exe  Nov 20 2006       94208  "XPHomeFiles.exe"

Delete the below file:
C:\WINDOWS\b.exe


If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
4. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
7. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

If you want, you can PM me with an email address and I will send you info. It's your decision!

As long as it is something you installed it is fine. But are you aware that Windows XP has a built-in remote desktop connection program?