please help, winfixer popups, thought it was fixed

Hi, this is the HijackThis! log from my friend's computer. I told her to do all the steps you suggested before posting a log and she said she did, but she lives 200 miles away so I can't say 100%. Anyways, she says she keeps getting popups with either winfixer, megafindhealth, or similar urls. I made her go through the anti-spyware measures, made her use cwshredder, and the vundofix but she is still getting them. Any help would be appreciated. And sorry if I'm violating any rules, I don't mean to.

• Edit by bjgarrick: Inline log attached!

 

Please do not copy and paste logs into your post; always post them as attachments.

Your friend has HijackThis install incorrectly; have her install HijackThis to C:\HJT.

Please follow the instructions in the following threads:
How to view hidden, system files & folders!
Searching for Hidden Files on WinXP

Please make sure System Restore is OFF.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to extract the files
• This will create a VundoFix folder on your desktop.
• After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
• Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
• You will first be presented with a warning and a list of forums to seek help at.
  it should look like this

• At this point press enter one time.
• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\ijkmp.*​

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
• The fix will run then HijackThis will open.
• In HiJackThis, please place a check next to the following items and click FIX CHECKED:

• After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
• Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
• Once your machine reboots please attach a fresh HJT log from normal mode.

 

Thanks for the help, and sorry about pasting the log into my post. I thought I read everything about posting a log but obviously I missed some of the instructions. I'll post another log after I get her to follow those steps. Thanks again!

 

Ok I did everything you suggested, and also deleted all temp files again and updated and scanned with Spybot and AdAware. It seems the problem is fixed but if someone has the time to look over the new log and check for residuals I would appreciate it. Thanks in advance and thanks very much for the previous help!

 

You can uninstall MyWay if you would like. MyWay comes bundled with Dells and is considered Spyware by some.

You HijackThis log is clean. How is your computer running?

 

It's not my computer so I can't say for sure but it seems like everything is back to normal. I removed MyWay as much as I could by editing the registry, and anything that I left shouldn't affect much of anything. Didn't seem like there were anymore winfixer popups after the Vundofix so I'm pretty sure that is taken care of. Thanks again!

 

Your welcome, any other issues feel free to post back here.