Help Please :((

Discussion in 'Malware Help (A Specialist Will Reply)' started by pauliwood, Dec 24, 2005.

  1. pauliwood

    pauliwood Private First Class

    Below is a screen shot of what happens each time I shut down my browser.

    I have run AdAware with the latest definition updates and SpyBot S&D with the latest definitions.

    I have also gone to www.trendmicro.com to run Housecall to search for Spyware/Malware and Viruses. Is there any way to stop this crap from trying to modify my computer? Please advise, thank you so much in advance !!

    http://img479.imageshack.us/img479/8313/calvin0340as.jpg
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. pauliwood

    pauliwood Private First Class

    I've done the steps in the outlined tutorial, some of the scans found spyware and cleaned that spyware away, however I still get these attempts to modify/change my registry when I shut down my web browser.

    Ran Ccleaner - found nothing
    Ran Microsoft Malicious Tool Cleaner - found nothing
    Ran AdAware - removed some tracking cookies
    Ran Spybot - removed some spyware
    Ran Microsoft antispyware - found nothing
    Ran CWShredder - not present on machine
    Ran Kill2Me - not present


    Ran Bitdefender - found some items, cleaned/deleted what it found. Saved log file.

    Ran Panda Active Scan - found:
    spysheriff
    SearchAid
    Spywad


    Funny, when I close my browser, I get all those registry change attempts, when I re-start my browser, it stops.

    What shall I do next, post the logs of Panda and Bitdefender, Hijack this log?

    Please advise, thank you.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, the tutorial tells you to attach the logs from BitDefender and Panda. We want to see exactly what is found and what is fixed and not fixed.

    And then it does tell you that if you are still having problems to follow the steps for installing, running, and attaching a HijackThis log too.
     
  5. pauliwood

    pauliwood Private First Class

    Thanks a bunch, here are the 3 log files.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow directions. Convert the BitDefender log to a text file using this procedure Saving BitDefender Log as Text File. Which is clearly stated in Step 6 of the READ & RUN ME FIRST Before Asking for Support.
    Your Bitdefender log is not in an easily readable format.

    You have not installed and run Microsoft Anti-Spyware as requested in Step 5 of the READ & RUN ME FIRST Before Asking for Support.
    Do not skip stuff in the tutorial. If there are problems with running some of the steps you must tell us or we will assume that you are skipping over stuff.

    Disable Teatimer as requested in Step 5. SEE ABOVE Quote Box.

    Edit by: Shadow_Puter_Dude

    Reason: Adding Fix


    Uninstall the Following:
    FreeRam
    MyWay

    FreeRam is an unnecessary program for XP. Running such a program can degrade system performance.

    Scan with HijackThis and fix the following:
    REBOOT to Safe Mode.

    Open Windows Explorer, navigate to and DELETE the following:
    REBOOT to Normal Mode.

    Post a fresh HijackThis log and the properly converted BitDefender log.
     
    Last edited: Dec 26, 2005
  7. pauliwood

    pauliwood Private First Class

    Attached is the Bitdefender log converted and the newest Hijack this log.

    Thanks for your help!
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Empty your quarantine folders on Norton and Housecall.

    [EDIT] If you do not have Trendmicro installed any longer, delete the folder completely.

    In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

    Post a fresh HijackThis log along with the WinPFind.txt file.
     
    Last edited: Dec 27, 2005
  9. pauliwood

    pauliwood Private First Class

    Did all that you said, here are the two log files. Thank you !
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your logs are clean.

    How is your system running?
     
  11. pauliwood

    pauliwood Private First Class

    System appears to be running well. Since shutting off Tea Timer, I do not get those pop warnings and with Microsoft AntiSpyware Running, it does not tell me anything is trying to manipulate my registry.

    Thanks a bunch :)
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

