Halp! Spyware removal!

Hey Guys,
My computer started having adware-type symptoms..... every once in a while, while loading a web page, something would redirect my browser to a web site called "affiliatetarget.com", and then all sorts of adware would pop up. I went through steps 0-6 of "Basic Spyware, Virus, and Trojan Removal" with the exception that I did not disable and then re-enable my system restore, since I figured I'd wait until I have all known malware removed. My computer is infected, as shown by the attached Bitdefender and Panda Activescan reports. What do I do to get rid of that crapware? I figure I should get rid of known malware before proceeding further.
Thanks much,
Larry H

 

Welcome to MajorGeeks.com!

Please see the below thread on how to install and run Ewido Anti-Malware.

• Running Ewido Anti-Malware...

 

Thanks, bjgarrick.... I tried installing Ewido anti-malware, but it requires Windows 2000 and I have Windows ME. Any ideas?
Thanks,
Larry H

 

Ahh, since we can't run Ewido let's run Spy Sweeper.

Please see the below thread on how to install and run Spy Sweeper.

• Running Spy Sweeper...

 

This is third time trying to reply to your post. When I try to post, my browser gets redirected and a bunch of adware pops up, preventing me from posting a message. Hopefully this time it'll go through. I ran SpySweeper. It found and removed 2 of the 19 objects that Activescan found. Obviously, my problem is not fixed. Any ideas? Hopefully I will be able to post this message.
Thanks,
Larry H

 

If possible attach the Spy Sweeper log, but I can't help you without a HJT log so attach this one if you can.

 

Damn, I don't have the SpySweeper log. When I get home tonight I'll run HJT and attach the log.
Thanks,
Larry H

 

All right, here is the HJT log file. I think I attached the HJT log correctly. What do I need to do to fix my machine?
Thanks,
Larry H

 

Look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:[/FONT][/B]

WINK.EXE

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O4 - Startup: wink.lnk = C:\Program Files\Wink\Wink.exe

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\Wink ← Delete this whole folder if it exist!

Next, run CCleaner to clean up cookies and temp files.

After you complete the above, reboot and procede with the below instructions...

Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there.

Note: They must be in the same directory for it to work properly!

Sysclean Package

Pattern.zip

After you complete the above, locate the file "lpt139.zip", right click to extract the contents to the same directory.

Once you complete the steps above, REBOOT INTO SAFE MODE!

Once in Safe Mode double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After you complete the scan reboot and attach a fresh HJT log along with the Trend SysClean Log.

 

Hi BJGarrick,
Thanks for your help. I followed your instructions to the letter. I wasn't able to save the sysclean log, but I have the current HJT log.
Larry H

 

You don't have to save the log it creates it automatically. Look in the folder where the files you downloaded were and attach this log.

Your HJT log looks good by the way.

 

Ah, that's where it is. Here's the Sysclean log.
Thanks,
LarryH

 

Everything looks good, are you having any further problems?

 

So far, so good. I haven't seen any spyware symptoms and my browsing since running the last pocedure is adware-free (keeps fingers and toes crossed). Thank you SO MUCH, bjgarrick, for helping me out. You're a lifesaver!
......Larry H

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!