Please Help Me...w32.annika

Welcome to MGs!

Have you seen anything related to SpyStrike, SpySheriff, Smitfraud, SpyAxe in any of the hijacks?

Run this: SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

And attach the log.

 

You're welcome. It would be a good idea to attach the requested log though.

 

Does the icon on you Desktop allow you to right click and select Delete? Does it delete?

You have some other issues that we need to fix but I want to see the results of the above first. Also are you having any visible malware problems?

 

Oaky is the below Favorites folder something you added and have links in? If not, delete it.
C:\Documents and Settings\Tikku\Favorites\Health

Empty your MS Antispyware Quarantine and also the Quarantine folder that you have in C:\Spyware Tools\Quarantine


Also look in Add/Remove programs for RedSwoosh or RSSoft or RSEDNCLient and uninstall if found. Then delete the following folder: C:\Program Files\RSSoft

Also delete the following folder if found: C:\Program Files\Security Toolbar

 

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

Either use Ccleaner or do it manually using Internet Explorer, but delete all the cookies in all user accounts (I saw many for Tikku and also the Guest account - note: Guest accounts really should be disabled for security reasons.)

After removing all of those cookies, run the steps in the below link again. Make sure you re-download the tool again (as it is updated frequently) and also re-read the steps as they change too:
SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

Attach the requested smitfiles.txt and Panda logs. Also run the below and attach the requested log:

Using GetRunKey

 

The other extra files go away after you close the notepad window that pops up with the runkeys.txt log in it.

The only item of concern I see in the Panda log is:

Adware:adware/securitytoolbar Not disinfected Windows Registry

We will need to find where this registry entry is really located. Panda is rather weak in reporting registry keys. In fact what they report is not useful at all.

Download the Registry Search Tool

Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens enter the following:

securitytoolbar

Press 'OK'

The search will run for a while then alert you when it is finished. Press 'OK' and copy the contents of the WordPad window and post in this thread. If it is very long, an attachment would be better.

Now copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixadt.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixadt.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Do you use the WildTangent stuff? It is considered malware.
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

Attach a new HJT log too!

 

Well then we will probably have to ignore what Panda is giving us since they do not indicate where they are finding that item. It is probably a benign entry anyway.

That is just an entry related to Compaq Computer (own by HP now). You can fix it if you do not want it.

Yes! We normally do fix it but it seem like you were using it for something.

Look in Add/Remove programs for anything from WildTangent and uninstall if found. If anything remains in your log afterwards, just have HJT fix it.

Why did you start using MSconfig to control startups? We specifically request that not to be used while fixing problems with malware. You are blocking many things from running (some of which you need for protection - like MS AS. You also blocked WildTangent which HJT will no longer be able to fix since it does not show now.)

 

No you should not do that while we are trying to fix your PC and in fact if you disable ALL, then many things you need to have working in your system will not work.

Repeat the RegSrch tool step I gave you a few messages back but this time search for Toolbar