I have the same problem again. I have Aurora popups and a 180 search assistant problem, and now Winfixer wants to install every 30 seconds. I have followed all preliminary instructions and am posting my Ewido log and HijackThis log below. Help is greatly appreciated, you guys do awesome work!
Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:34:03 PM, 8/4/2005
+ Report-Checksum: ABE28D7F
+ Scan result:
[1664] VM_01B70000 -> Adware.BetterInternet : Error during cleaning
C:\Documents and Settings\Eddie\Cookies\eddie@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Eddie\Cookies\eddie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Eddie\Cookies\eddie@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\1jmlm8sl.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\accessories.ico:twopxz -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:aasrr -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\clock.avi:thzju -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\cmsetacl.log:kzkbq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\dasetup.log:xmmjmy -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\EventSystem.log:ljvqv -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\FaxSetup.log:iibzw -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\FaxSetup.log:klovl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:lopwt -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\hphmdl01.dat:wpsoq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB822827.log:vqosk -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB823980.log:tqrci -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB823980.log:tuphl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB824105.log:jiyxug -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\KB826942.log:bjqcwr -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB828028.log:kdtwl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB828035.log:eitfw -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB828035.log:escve -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB828035.log:wvssh -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB833407.log:ktagp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB833987.log:xsvaz -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB835732.log:daeffl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB837001.log:hjeys -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB837001.log:oaegi -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB840987.log:pfzxp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB841356.log:likpb -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB841356.log:vudze -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB871250.log:ybpre -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB873333.log:nylgon -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\KB873339.log:agkhl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB873339.log:awtzl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB873376.log:wjniq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB873376.log:xrrfy -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB885250.log:fzeuqq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB885836.log:lkung -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB886185.log:xwfjp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB887472.log:dyesh -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB888113.log:iscqu -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB888113.log:iyohk -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB888113.log:zwpbc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:meahe -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:wmfxd -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB891711.log:xsnouv -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:xfdab -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\msgsocm.log:jhjmt -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ocgen.log:ellik -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\ocgen.log:jduhe -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\orun32.isu:pnwah -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\orun32.isu:uefza -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\ppvvxgx.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\pss\win.ini.backup:flyrj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\q329623.log:ntjix -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\REGLOCS.OLD:kopny -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:bspdca -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\sessmgr.setup.log:enizg -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\setupapi.log.0.old:gmybtj -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\setupapi.log.0.old:pjzem -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\setuperr.log:vamze -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\spupdsvc.log:akcoa -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:zxdvwp -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\svcpack.log:gtxkb -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\SYMEVENT.LOG:qbmeq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\system32\0ut69qf3.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\8grvl16b.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tsoc.log:kdwdh -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\wiaservc.log:evlmp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Windows Update.log:gmqgl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\WindowsUpdate.log:dovlkt -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:hioem -> TrojanDownloader.Small.ajr : Cleaned with backup
::Report End
HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 5:40:30 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinFixer 2005\WFX5.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://lt.firstmagn...cker/Login.aspx
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://lt.firstmagn.../HomePage.aspx"); (C:\Documents and Settings\Eddie\Application Data\Mozilla\Profiles\default\bpccvhee.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Eddie\Application Data\Mozilla\Profiles\default\bpccvhee.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\RunOnce: [ClrSchUninstall] C:\DOCUME~1\Eddie\LOCALS~1\Temp\Uninstall.EXE -b
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Documents and Settings\Eddie\Desktop\Virus Weapons\Cleanup.exe /WindowsRestart
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {6D63C97A-4C9D-4B6E-AF86-E11E631AD4AA} (xLoan2List Control) - https://www.sharperl...an2ListProj.cab
O16 - DPF: {7EA90EB3-366D-4270-AB3B-05C4EE9CD966} (xLoan2 Control) - https://www.sharperl.../xLoan2Proj.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - http://www.clickloan...PtClickLoan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VALPARAISO.FIRSTMAGNUS.COM
O17 - HKLM\Software\..\Telephony: DomainName = VALPARAISO.FIRSTMAGNUS.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VALPARAISO.FIRSTMAGNUS.COM
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks!!!