spyware problem HJT -log

Hi please help me with this annoying thing

I've had winfixer annoying me for a few weeks. Yesterday i removed my norton 2005 so that i could install my new version of norman antvirus. Then i was even more annoyed because norman found but could not remove w32agent_.fz. there was something in front or after agent in the name.

I've tried my best following instrcutions and still system restore is disabled.

Before i followed the instructions and just tried the tools. ad-aware found 4 + 4 problems with the name i mentioned above. Could not remove them though because they were there when i re-scanned. Same with web root. Found 47 problems and a critical one in vondafone or something. Came back aswell.

When i followed insructions nothing was found in adawere, spybot found something and winfixer soomething was one of them. Sweeper found nothing.

 

Scan with HijackThis and fix the following:

Download
- Pocket Killbox

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click OK.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Run CCleaner before doing the below.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

Thanks alot for taking the time and the effort helping me out.

Did not see you wanting me to put a new hjt log and im gonna wait until i enable system restore right?

 

Download and install
- ExplorerXP

Run ExplorerXP, navigate to and delete the following:

Now run REGEDIT and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run locate NWEReboot and delete it.

Now Reboot. How is your computer running.

 

Not sure how i test how its running but i havent had the annoying virus pop up or had winfixer pop up ever since i followed your stickies i think, or was it after your first help. i think after the stickies.

its not that i have surfed much though so maybe winfixer comes back but it looks fine right now


Am i ready to turn on systenm restore? not sure why i bring that up or if its important.

 

YEs, you can turn on system restore again. Surf around a little, and if you start having problems again, post back in this thread.