0

I have been having problems with my computer recently. One thing that has been happening which I think is important is that every time I try to run a spyware scan (Ad-Aware) my computer shuts down with a message to the extent of "Critical error...." (sorry... I don't remember what it says exactly). Here is my most recent HijackThis scan log. Any help would be most grateful.

Logfile of HijackThis v1.99.1
Scan saved at 9:35:10 PM, on 2/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\geedb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\GBZV2011\cwshredder[1].exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


thank you again!
Kevin

0

You have a Winfixer/Virtumundo infection; please do the following:

Download VundoFix.exe to your desktop.
1. Double-click VundoFix.exe to run it.
2. Click the "Scan for Vundo" button.
3. Once it's done scanning, click the "Remove Vundo" button.
4. You will receive a prompt asking if you want to remove the files, click "YES".
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, VundoFix will prompt that it will shutdown your computer; click "OK".
7. Turn your computer back on.
8. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

0

Vundo:
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bdeeg.tmp

C:\WINDOWS\SYSTEM32\bdeeg.bak1
C:\WINDOWS\SYSTEM32\bdeeg.bak2
C:\WINDOWS\SYSTEM32\bdeeg.tmp
C:\WINDOWS\SYSTEM32\bdeeg.ini
C:\WINDOWS\SYSTEM32\bdeeg.ini2
C:\WINDOWS\SYSTEM32\geedb.dll
C:\WINDOWS\SYSTEM32\bdeeg.ini2
C:\WINDOWS\SYSTEM32\bdeeg.bak2
C:\WINDOWS\SYSTEM32\bdeeg.tmp
C:\WINDOWS\SYSTEM32\bdeeg.ini
C:\WINDOWS\SYSTEM32\bdeeg.ini2
C:\WINDOWS\SYSTEM32\geedb.dll
Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bdeeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.tmp
C:\WINDOWS\system32\bdeeg.tmp Has been deleted!

Performing Repairs to the registry.
Done!

HijackThis:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\GBZV2011\cwshredder[1].exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
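
An added example, not part of the original thread and not any poster's code: a small Python script that diffs the two HijackThis logs posted above and flags a DLL registered as both a BHO (O2) and a Winlogon Notify package (O20), which is where `geedb.dll`, the file VundoFix deleted, appears in the first log. The function names are hypothetical, and the embedded log lines are excerpts copied from the two logs in this thread.

```python
import re

# Matches HijackThis entry lines such as "O2 - BHO: ..." or "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the first log in this thread (before VundoFix).
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\geedb.dll
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the second log in this thread (after VundoFix).
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


def parse_entries(log_text):
    """Return [(code, body), ...] for every entry line; skips headers and process paths."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_target(code, body):
    """Lower-cased file path of an O2 or O20 entry (last ' - ' field), else None."""
    if code in ("O2", "O20"):
        return body.rsplit(" - ", 1)[-1].strip().lower()
    return None


def dual_registered(entries):
    """Paths loaded both as a browser helper object and as a Winlogon Notify DLL."""
    by_code = {"O2": set(), "O20": set()}
    for code, body in entries:
        target = entry_target(code, body)
        # Skip placeholders like "(no file)"; only real paths can be correlated.
        if target and not target.startswith("("):
            by_code[code].add(target)
    return by_code["O2"] & by_code["O20"]


def orphaned(entries):
    """Entries whose registry key remains but whose file is gone."""
    return [(c, b) for c, b in entries if b.endswith(ORPHAN_MARKERS)]


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs, order preserved."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    print("Dual BHO + Winlogon Notify DLLs (before):",
          dual_registered(parse_entries(BEFORE)))
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("REMOVED", code, "-", body)
    for code, body in added:
        print("ADDED  ", code, "-", body)
    for code, body in orphaned(parse_entries(AFTER)):
        print("ORPHAN ", code, "-", body)
```

On these excerpts the diff shows both `geedb.dll` registrations gone after the VundoFix run, while the `WinFixer_2005` Run entry and the orphaned `(no file)` BHO are still present in the second log.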

0

1. Run Hijackthis again, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan


2. Delete the entire C:\Program Files\WinFixer_2005 folder and then empty your Recycle Bin.


3. Perform the following procedures to clean up loose ends which don't show up in a HijackThis log:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

> Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
ewido Anti-malware (14 day free trial) - http://www.ewido.net/en/download/

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open your anti-virus program and make sure that it has the most current virus definitions installed. Again, don't scan yet; just close the program once it's updated.


> Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, check "Show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types". Close Explorer after that.

- Open CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other user's Profile>\Cookies
Hit OK

- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders

- Click on Run Cleaner

It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.


- Run your anti-virus, MS Antispyware, and ewido; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

- Run Spy Sweeper.
* Under the Sweep Options tab, select ALL options under 'What to Sweep'.
* Click the "Sweep" icon and then "Start" to begin scanning.
* When the scan completes, click Next to automatically quarantine all detected items.
* Click the Results icon, select Session Log, and then click Save to File. Save the scan results to your desktop and close Spy Sweeper.


> Empty your Recycle Bin and reboot normally.


> Run HijackThis again, and post the new log. Also post the logs that ewido and Spy Sweeper generated.

0

Ran everything as told with one exception. I was unable to access the Microsoft Anti-Spyware beta. I continued without it.

HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 8:22:43 PM, on 2/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\GBZV2011\cwshredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Ewido:
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:          7:17:26 PM, 2/14/2006
 + Report-Checksum:     C8929BE1

 + Scan result:

    C:\Program Files\Common Files\WinSoftware\FCrXML.dll -> Adware.Winfixer : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP529\A0021061.dll -> Downloader.Agent.yf : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP555\A0021505.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\SYSTEM32\bnefdxol.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\enpkspct.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\flvauyym.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\fpohymww.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hxtjidct.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ksqjjknb.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ndurphms.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\nkrxivep.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ofpevpmw.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\qqkasuef.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ujtkdoxt.dll -> Logger.Agent.kg : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ustceoyb.dll -> Logger.Agent.kg : Cleaned with backup


::Report End

Spy Sweeper:
********
7:21 PM: |       Start of Session, Tuesday, February 14, 2006       |
7:21 PM: Spy Sweeper started
7:21 PM: Sweep initiated using definitions version 614
7:21 PM: Starting Memory Sweep
7:22 PM: Memory Sweep Complete, Elapsed Time: 00:01:42
7:22 PM: Starting Registry Sweep
7:23 PM:   Found Adware: winantispyware 2005
7:23 PM:   HKCR\flfxr.flfixer\  (3 subtraces) (ID = 812689)
7:23 PM: Registry Sweep Complete, Elapsed Time:00:00:46
7:23 PM: Starting Cookie Sweep
7:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:23 PM: Starting File Sweep
7:24 PM:   c:\program files\winfixer_2005 (19 subtraces) (ID = -2147465740)
7:24 PM:   c:\program files\common files\winsoftware (1 subtraces) (ID = -2147476682)
7:25 PM:   dfe.exe (ID = 153523)
7:42 PM:   dfdr.sys (ID = 188536)
7:43 PM:   compclr.dll (ID = 188363)
7:43 PM:   ffwrap.dll (ID = 188362)
7:43 PM:   ftr.dll (ID = 188365)
7:43 PM:   mmfx.dll (ID = 188361)
7:43 PM:   fxcor.dll (ID = 188360)
7:44 PM: File Sweep Complete, Elapsed Time: 00:20:33
7:44 PM: Full Sweep has completed.  Elapsed time 00:23:16
7:44 PM: Traces Found: 954
7:47 PM: Removal process initiated
7:47 PM:   Quarantining All Traces: winantispyware 2005
7:48 PM: Removal process completed.  Elapsed time 00:00:42
********
5:33 PM: |       Start of Session, Tuesday, February 14, 2006       |
5:33 PM: Spy Sweeper started
5:36 PM: Your spyware definitions have been updated.
5:36 PM: Updating spyware definitions
5:36 PM: Your definitions are up to date.
7:18 PM: Program Version 4.5.9  (Build 709)  Using Spyware Definitions 614

Edited by diafol: fixed formatting

0

Good job - it looks like ewido and Spy Sweeper removed the remains of the WinFixer infection.
One last thing to check: open Windows Explorer and make sure the entire c:\program files\common files\winsoftware folder has been deleted. If the folder does still exist, delete it and then empty your Recycle Bin.

0

I didn't find it. Thank you so much for your help! I wouldn't have had any idea of how to fix my computer otherwise.
Thanks again.
