Mom f'ed up computer... please help

My Mom spent $30.00 to "fix" her computer from one of those pop-up banner adverts becasue it told her "her computer was 'at risk'" Now we get pop-ups all the time. Also, she installed a program called WinFix 2005 and a BUNCH more software I cannot find or locate which she forgets the name of.

I have followed all of the processes in the "read me" post and have attached my HJT log.

Thank you for any help you can provide.

 

Using Add or Remove Programs in the Control Panel look for WinFixer_2005 and uninstall it.

If it can not be found do the following:

Download
- Pocket Killbox

Scan and have HJT Fix the following:

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click OK.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post a fresh HijackThis log.

 

Thank you Thank you... I will try this later in the week and get back to you. Thanks again!!!

 

Well, I did everything but there are still pop-ups. I posted my HJT log. Any more help you can help would be great!

Thank you!

 

Scan with HijackThis and fix the following:

Download this trial version of Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will have a window come up. One of the buttons on the left is to Update. Click the Update button.and then Start the Update. The update will start and a progress bar will show the updates being installed.
• After it completes the update, click the Scanner button

Now exit Ewido. Now print the below instructions or save them locally because I want you do have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

Open up Ewido and do the following:

• Click on Scanner
• Then click Settings
• Under What to Scan? Select Scan every file
• Then click OK
• Click on Complete System Scan and the scan will start.
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files that are infected. Leave the defaults selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop or anyplace you will be able to find it to upload here.

Reboot into normal mode and reconnect to the internet.

Come back here and post the Ewido Scan Report along with a fresh HJT log.

 

Directions followed. We have less pop-ups, but they are still comming up. It's odd. If I have 6 or 7 IE windows open and Windows combines them all into one, if a pop-up window comes up, it comes in a new window besides the IE windows. This makes me think that instead of a real IE window it just looks like one.. but is a seperate program...?

I've attached the the HJT and ewido logs. This is so frustrating -- so thank you for your help!

 

Your HijackTHis log shows no signs of an infection. The Ewido log shows several things found and removed.

Please download Spy Sweeper

• Click the link above to download the program.
• Install it. Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed, click Options on the left side.
• Click the Sweep Options tab.
• Under What to Sweep please put a check next to the following:
  • Sweep Memory
  • Sweep Registry
  • Sweep Cookies
  • Sweep All User Accounts
  • Enable Direct Disk Sweeping
  • Sweep Contents of Compressed Files
  • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
• Click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.

 

Thank you Thank you! I waited a few days to ensure we were pop-up free and... WE ARE!!! You are great thanks for sticking with it, I really appreciate your help.

If it's worth anything I've attached the logs you instructed me to. I don't know if there is any follow-up that needs to be done. The second one was too large to post so I've pasted it below -- sorry I know this is not the prefered method.


Inling log attached!

 

Spy Sweeper found several items and removed them. Good to hear you are Pop-up free.

 

Just as a precaution, I would recommend the below.

Download AproposFix by Swandog46

Save it to your desktop or to another folder of its own, but do NOT run it yet!

Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

Once in Safe Mode, double-click aproposfix.exe which will give you a chice of where to unzip/install the program to). This is called the Destination folder in the window that popsup. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.

 

Thanks, bj. I missed that the first time I read teh log.