Popup's

Hi

Its best and the only way we will be able to offer you assistance in removeing any malware is to follow the guide steps and attach the requested logs.

 

You need to attach the other three logs that were requested. Looks like you did things in the wrong order. Bitdefender and PandaActiveScan should be run before doing GetRunKey and ShowNew. Also you had CounterSpy ignore Adw.MyGlobalSearch.Toolbar. You should have deleted or quarantined it. But first try going to Add/Remove programs and uninstalling My Global Search Bar ar requested in step 0 of the READ ME.


Then run CounterSpy again and have it Quarantine any malware that remains.

Also download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster
• Run Hoster.exe, click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Do you still have Torrent101 installed? If so delete it and all associated folders.

Then run BitDefender and PandaActiveScan now and attach the requested logs. Then complete the instructions in step 7 of the READ ME and attach a HijackThis log.

 

Did you configure the below policies yourself? Read the links I posted next to each one for more info.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoInstrumentation"=dword:00000001 <-- http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93173.mspx?mfr=true
"NoResolveTrack"=dword:00000001 <-- http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93176.mspx?mfr=true
"NoResolveSearch"=dword:00000001 <-- http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93175.mspx?mfr=true
"NoSMBalloonTip"=dword:00000001 <-- http://technet2.microsoft.com/WindowsServer/en/library/c1f669b0-f134-45ef-b898-6ce6f2fa6b4b1033.mspx?mfr=true

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [Ford File 16 Else] C:\Documents and Settings\All Users\Application Data\setup first ford file\stoproad.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [GplAdmin] C:\DOCUME~1\LOCALS~1\APPLIC~1\INTERN~1\joycash.exe

After clicking Fix, exit HJT.

Now reboot in normal mode

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now locate the below folders and delete it if found:
C:\Documents and Settings\Administrator\Application Data\internet regs
C:\Documents and Settings\Administrator\Application Data\Torrent101
C:\Documents and Settings\All Users\Application Data\setup first ford file
C:\Documents and Settings\LocalService\Application Data\internet regs
C:\Program Files\internet regs
C:\Program Files\Torrent101

Now run Ccleaner
Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

These have nothing to do with our procedures. I can give a procedure to fix them if you want??

Yes you do!