WINFIXER Popups won't go away!

Did you look at the Special Removal Procedures thread that was listed in the READ & RUN ME. See the reference to Virtumonde aka WinFixer.

 

The link is in the READ ME & RUN. See step 6.

 

You're welcome! Yes SpySweeper is excellent. Are you sure everything is now fixed?

 

Make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

 

You need to follow the directions in that link for HJT. You did not install it properly and also you have some items running that should not be:

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Ms. Heather Jean\Local Settings\Temp\HijackThis.exe <--- this is where we request that it not be installed

Is the below something you installed? It is normally considered a Trojan.

O4 - Global Startup: palstart.exe

 

It may be! There could be a baddie that uses the same name. If you are sure it is okay just leave it be.


If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\PROGRAM FILES\AVPERSONAL

Now reboot in normal mode and post a new HJT log. And tell us how things are working.
The O23 Service may need a special procedure to remove. We will see.

 

You're welcome! Looks clean now. So how are things working?

If everything is okay, it is time to check this out: How to Protect yourself from malware!

Also as a long term solution you should decide whether you want Spy Sweeper or MS Antispyware installed and running. I would not leave them both running because they do use a load of system rsources. If you purchased (or plan to) Spy Sweeper, I would keep it. Otherwise it is only a trial and expires in 14 days from installation.

 

You're welcome! Make sure you enjoy the holidays malware free and work thru that link I gave you in my last message.