Several attempts to remove malware failed...help!

I have worked through the process to remove malware on your site three times. Although it did a good job getting rid of a lot of stuff, I am still getting pop-ups. I attached all of my logs. Subsequent to creating these, I deleted what I could manually. However, some files (like the netinstaller.exe) I couldn't find.

Any help that you could give me would be appreciated. I have been working on this all day and have just about had it.

Scott

 

Not sure logs same through.

 

Your logs did not post.

Please attach your logs again.

 

Sorry...hopefully it works this time.

 

You have HijackThis installed incorrectly. Please install HijackThis to C:\Program Files\HJT.

Uninstall MySearch and Winfixer 2005 if they exist.

Download and install
- ExplorerXP

Run ExplorerXP; navigate to and delete the following:

Follow the directions for
Smitfraud, SpySheriff, SpyAxe & PSGuard Removal and Running WinPfind by OldTimer.

Post the smitfiles.txt and WinPFind.txt files when finished with the above.

 

I seem to have the same files, but maybe in different locations?

I don't seem to be having as many pop-ups. Anything that I can do to get rid of the rest of these?

Scott

 

Those are not the logs I asked for; post smitfiles.txt and WinPFind.txt as previously requested.

HijackThis is still installed incorrectly. Move HijackThis to the correct folder per the instructions for Downloadng, Installing, and Running HijackThis.

Whatever you are disabling with MSConfig, enable it. We need to see everything.

 

Sorry, here are those logs.

Also, I noticed that if I log on to XP under my wife, she gets a lot more pop ups than me. Do I have to run certain apps logged on as her as well.

I appreciate your patience with all of this.

Thanks,

Scott

 

I did a little more searching under my wife's ID. The adware that keeps popping up is called Zeno. If I pull up the task manager, there is a process called kwingsap.exe that runs Zeno. If I stop the process, the adware disappears. I have found and deleted that file several times, but I can't seem to get rid of it for good.

Scott

 

Please post a fresh HijackThis log with all startup processes enabled. Don't use MSConfig to disable any startup processes.

 

Here you go. I see a few suspect things on here that I haven't noticed before.

 

Please follow the directions for Running Spy Sweeper.

Post teh SpySweeper log and a fresh HijackThis log when done.

 

See attached.

 

Download FixAprop to your Desktop.

Reboot to Safe Mode.

Run FixAprop.

Reboot to Safe Mode.

Run Microsoft AntiSpyware and let it fix what it finds.

Reboot to Normal Mode.

Your Spy Sweeper definitions are out dated update teh definitions and run it again. Post a new Spy Sweeper log.