Pad Lookuups 180 search assistant

At the end of your previous thread ( http://forums.majorgeeks.com/showthread.php?t=63642 ) I posted something for you to do. Specifically the How to Protect yourself from malware! thread. Did you do those steps at that time?


- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Not completely from what I can see. You never installed a firewall for one thing and that is probably the second most important thing to do (some may say it's the most important).

First look in Add/Remove programs for the below and uninstall if found:
n-case
Search-Assistant
180 Solutions

Then continue with the below to make sure we get rid of them.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [msbb] c:\program files\n-case\msbb.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\Program Files\Search-Assistant\stubinstaller.exe"

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
c:\program files\n-case <--- the whole folder
C:\Program Files\Search-Assistant <--- the whole folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Did you try using Add/Remove programs to uninstall:

Interstitial Ad Delivery
PAD Lookups

If the above does not work, try the below (and not I'm assuming that the names you gave me are how the programs appear in the registry):

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixunst.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixunst.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes

Did you disable the Windows XP SP2 built-in firewall? You need to do that after you install a real firewall like Sygate. (Note: the SP2 firewall is not good enough to use only it and you must not use multiple software firewalls.)

 

Also you may find the below helpful:

http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

 

Your previous logs showed no signs of Zone Alarm so I'm not sure when you mean you uninstalled it. See your HJT log in message # 3. There was no ZoneAlarm. That is why I told you to get a firewall.

 

You're welcome. Make sure you look at the below thread and complete the necessary steps to help keep you clean:

How to Protect yourself from malware!

 

Delete the Guest account. It is not safe anyway. It has long been know to be a major security whole. Do not let other people use your PC? If you do then you will have to place restrictions on the account. Do not allow downloads, do not allow installs, etc. Make sure it is not an account that has administrator priviledges. NEVER let them use your account but the best advice is still Do not let other people use your PC!

Did you complete ALL the steps in the How to protect thread?
Did you install Spybot and use the Immunize feature?
Did you install SpywareBlaster and use all of its protections?