Newbie with Malware problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by christieb, Oct 23, 2006.

  1. christieb

    christieb Private E-2

    I am sure you all are growing tired of people coming here and not doing the procedures on the stickies... That said, I am feeling helpless here. I have purchased numerous spyware removal tools and used endless online scans. I finally gave up and upgraded my OS from 2000 SP4 to XP SP2 (I was told this would fix it). This all started with the Look2me trojan. I started doing some Windows updates after I upgraded to XP and stupidly did not realize that a FAKE Microsoft update website had hijacked my homepage... I thought I had somehow chosen to do this and it was the real update website. After running my computer for two full days with this hijacked homepage, I have identified the following threats using the free scan from Xoftscan:
    Viewpoint
    Wild Tangent
    Winpcap
    Begin2search
    IEplugin
    Look2me
    Media Motor
    GetMirar
    I am at my wits' end here and just want to fix my computer. I have NoAdware, but it isn't finding these files in my registry. I am also using a Sunbelt Kerio Firewall. I am very apprehensive about purchasing anything further. I would rather try to just fix it myself.
    Finally, the question: Should I purchase another remover or can someone tell me what I should be doing here? Please help.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi :)

    Don't purchase any more malware removal applications, as many will not remove all malware; manual removal is needed in many, many cases. So, as you'll be well aware of by now, I'm going to post the instructions for you to follow. All the software used is free and is very apt at getting you to a point where much malware is removed by the free apps, leaving us only to look through your logs and see what stubborn malware is left; our experts will post in due course some manual removal instructions for you to follow.




    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial... Was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. christieb

    christieb Private E-2

    Halo, :)

    Wow, this was a lot; luckily I had already run most of those scans and was familiar with them. I read the instructions very carefully and did everything in the order it was listed. I did not have any problems till the Bitdefender scan... It stalled and got stuck. I went ahead and exported the incomplete log and attached it here along with all of the other required logs, including HijackThis.

    Thank you again for the support,
    Christieb

    *fingers crossed I did everything right* Don't want to get pointed and laughed at! :cool:
     


  4. christieb

    christieb Private E-2

    The additional logs attached..
     


  5. christieb

    christieb Private E-2

    After the fact I realized that I had saved the HijackThis file inappropriately, so I moved it to its own folder under c://Program Files/HJT. Sorry for missing that step. I have attached the "new" log here.

    Christieb :eek:
     


  6. christieb

    christieb Private E-2

    I have a registry cleaner on my computer and thought I would paste a log of my shell extensions here; thought that could help too.
     


  7. matt.chugg

    matt.chugg MajorGeek

    Using add/remove programs which can be accessed from the control panel, uninstall the following:

    Download and install Sun Java Runtime Environment 5.0 Update 9




    Download

    - Pocket KillBox

    Extract each to its own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)




    Run HijackThis. Click the 'Do a system scan only' button.

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Paste the below filenames into KillBox one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following (some of these may have already been deleted by Pocket Killbox):



    There are some other files to delete too:

    As you can see there is a problem with the filenames; this is because the infection uses non-standard characters that can't be displayed in logs but will appear as files you would normally find on your computer. The first one will probably be appearing as Adobe\crrss.exe, so it shouldn't be hard to find, and the other will probably appear as Assembly. Once you have managed to identify the correct folder, you can delete the whole folder.

    To help you identify the correct folder, you can see that the Adobe folder was created/modified on the below date:



    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now.

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
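    The point made above about folder names built from non-standard characters (a name that renders as "Adobe" or "Assembly" in Explorer but is not the real folder), as an added example that is not part of the original post: a small Python script that takes (path, last-modified) pairs, either from a constructed sample list or by walking a real directory tree, and flags entries whose names contain non-ASCII or non-printable characters or whose modification time falls inside a suspect window. The sample paths, the U+00A0 and Cyrillic-A characters and the October 2006 window are constructed assumptions, not values taken from the thread.

```python
import os
import unicodedata
from datetime import datetime

# Constructed sample of (path, last-modified) pairs, in the shape a newfiles/ShowNew
# log would give. The first two mimic legitimate folder names but carry one
# non-printable or non-ASCII character; the last two are genuine-looking names.
# None of these paths or characters come from the thread; they are placeholders.
SAMPLE_ENTRIES = [
    ("C:\\Program Files\\Common Files\\Adobe\u00a0\\crrss.exe", "2006-10-20 14:02"),  # U+00A0 after "Adobe"
    ("C:\\WINDOWS\\\u0410ssembly\\dvdplay.exe", "2006-10-20 14:03"),                  # Cyrillic A, not Latin A
    ("C:\\WINDOWS\\assembly\\GAC\\System.dll", "2004-08-04 12:00"),
    ("C:\\Program Files\\Adobe\\Reader\\AcroRd32.exe", "2006-09-01 09:15"),
]

# Constructed suspect window standing in for the creation date the helper pointed at.
SUSPECT_WINDOW = (datetime(2006, 10, 19), datetime(2006, 10, 21, 23, 59))


def odd_chars(component):
    """Characters in one path component that lie outside printable ASCII."""
    return [c for c in component if ord(c) > 126 or not c.isprintable()]


def flag_entries(entries, window_start, window_end):
    """Return [(path, [reasons])] for entries with odd characters or a suspect mtime."""
    flagged = []
    for path, mtime_str in entries:
        mtime = datetime.strptime(mtime_str, "%Y-%m-%d %H:%M")
        reasons = []
        # Check every component, so a lookalike directory is caught even if the file is clean.
        odd = sorted({c for part in path.split("\\") for c in odd_chars(part)})
        if odd:
            names = ", ".join(f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}" for c in odd)
            reasons.append(f"non-standard character(s) in name: {names}")
        if window_start <= mtime <= window_end:
            reasons.append(f"modified {mtime_str}, inside the suspect window")
        if reasons:
            flagged.append((path, reasons))
    return flagged


def entries_from_disk(root):
    """Walk a real directory tree and yield (path, mtime) pairs in the same shape as the sample."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            stamp = datetime.fromtimestamp(os.path.getmtime(full)).strftime("%Y-%m-%d %H:%M")
            yield (full, stamp)


def demo():
    """Run the check over the constructed sample; only the two lookalike entries are returned."""
    return flag_entries(SAMPLE_ENTRIES, *SUSPECT_WINDOW)
```

    On a live machine, replace SAMPLE_ENTRIES with entries_from_disk(r"C:\Program Files") and print repr() of each flagged path so the hidden character shows up as an escape.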
     
  8. christieb

    christieb Private E-2

    I ran the Killbox and deleted the files that were still there. My computer was working great; I left for the day with my network cable unplugged and another coworker shut my computer off. In the morning I rebooted and ran the scans you requested logs for. I attached the results... sigh.
     


  9. matt.chugg

    matt.chugg MajorGeek

    Run Pocket Killbox:

    Paste the below filenames into KillBox one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following (some of these may have already been deleted by Pocket Killbox):


    Note the question mark in the last one; this is the same one as earlier. Could you not find it? Did you delete it? It will probably appear as Assembly; once you identify the folder containing dvdplay.exe, delete the file, THEN delete the whole folder. Let me know if it contains anything else!

    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now.

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     
