WinAntiVirus popups grrrrrrrrr

Discussion in 'Malware Help (A Specialist Will Reply)' started by iwcookie, Sep 23, 2006.

  1. iwcookie

    iwcookie Private E-2

    Yesterday I had suddenly been attacked by a Trojan Virus by the name of DLoader.AMSO which information on this is scarce apparently. Afterwards I had mass pop ups seemingly on a timed schedule that I could not control. I have scanned my system with McAfee (all the progs I use are up to date) which alerted me to the malware but did not delete the trojan. I then re-downloaded F-Secure after uninstalling and completely removing McAfee. F-Secure allowed me to rename the trojan which then allowed me to delete it off my computer. The pop ups are from WinAntivirus and a few others that keep on coming no matter what I do. I also ran Windows Defender, F-Secure and spybot after the trojan was removed, but there is nothing else left to remove according to the scanners. I am on Windows XP Media Center Edition 2002 with SP2. Any help would be greatly appreciated. Thank You.
     


  2. iwcookie

    iwcookie Private E-2

    2nd Post... I apologize for leaving things out the first time. I went into safe mode while modem was unplugged as I use dsl. I ran CCleaner and it cleared the spyware that was current. I also ran Microsoft's Malicious Tool cleaner, nothing was found. Ran spybot... found nothing. Could not run windows defender from safe mode or safe mode with networking. Panda found spyware, 6 to be precise... wasn't sure on how to save that log. Getrunkey is attached as is newfiles.txt. Also the Vundo removal would not work.
     


  3. iwcookie

    iwcookie Private E-2

    Here is the other file... while I am typing these pop ups are still occurring. :eek:
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
     
  5. iwcookie

    iwcookie Private E-2

    Ok... I thought I did everything right the other day. So I went through all of the steps again that were listed in the READ AND RUN ME FIRST post. If you have followed my original posting about my symptoms I now have more symptoms such as common files opening after reboot at the get go... more pop ups along with the WinAntivirus. I will run down results from following the read and run me first post now.
    CCleaner removed 243.4MB
    Malicious Software Removal found nothing.
    SpyBot and Destroy found WildTangent -11 entries
    Microsoft Defender found nothing
    Bitdefender found nothing
    PandaScan found nothing but did not have options to detect problems tab or a save to txt tab this time around for some weird reason.!?
    I did this both ways in safe boot and full mode with same results.
    GetRunKey and Show New files will be posted along with the other requested files that I could obtain. Posted above is the PandaScan log from the other day which is all I have to work with. HJ this will follow shortly.
     


  6. iwcookie

    iwcookie Private E-2

    HiJack this file will be attached, what do I need to do now?
     


  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    << The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files

    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  8. iwcookie

    iwcookie Private E-2

    Ok... per your instructions I did the above. I noticed after the copy/paste of the 4 files to the clipboard then to kill box... F-secure caught a Trojan Downloader.Win32.ConHook.ah... interesting. I did not receive any message titled "PendingFileRenameOperations prompt". Once in Safe Mode I did not find any of the 4 files via XP explorer. The Common File folder is still opening at get go in normal mode at reboot in ie. What is with that? Attached is the new HJ log per your request.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The log didn't attach.
     
  10. iwcookie

    iwcookie Private E-2

    I'm tired, forgive me... seems this site is good about keeping people from posting the same things over n over lol.
     


