I am also having the problem of the WinFixer 2005 installer at startup. I have done all the recommended steps in the malware forum, including Windows Update and HJT, but I am still seeing the WinFixer installer. See my HJT log below.
Please provide some help for a system novice!
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 11:04:33 PM, on 8/21/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\Defenders\Ewido LogFiles\security suite\ewidoctrl.exe
C:\Defenders\Ewido LogFiles\security suite\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\svnlitup32.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Dell User\Desktop\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {212EFB64-4385-4D28-A4D1-40C6F61196C0} - C:\WINNT\system32\hnbwwwpd.dll (file missing)
O2 - BHO: PBlockadeHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEFriendly Class - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiSearchPlus.dll (file missing)
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSearch.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\oocfwm.exe
O4 - HKLM\..\Run: [Windows Explorer] Explorer .exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINNT\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Windos Manage] qzfdx.exe
O4 - HKLM\..\Run: [Application] C:\winnt\system32\dhcp\files\hidden32.exe mdll.exe
O4 - HKLM\..\Run: [TempShell] C:\winnt\system32\rmtcfg\files\hiddenrun.exe temp.bat
O4 - HKLM\..\Run: [smss.exe] C:\WINNT\unwise32.exe C:\WINNT\smss.exe
O4 - HKLM\..\Run: [lsass.exe] C:\WINNT\lsass.exe
O4 - HKLM\..\Run: [csrss.exe] C:\WINNT\unwise32.exe C:\WINNT\csrss.exe C:\WINNT\cfxr.dll
O4 - HKLM\..\Run: [4] C:\documents and settings\dell user\local settings\temp\4.exe
O4 - HKLM\..\Run: [F4cwHlDl4] C:\documents and settings\dell user\local settings\temp\F4cwHlDl4.exe
O4 - HKLM\..\Run: [ZB] C:\documents and settings\dell user\local settings\temp\ZB.exe
O4 - HKLM\..\Run: [gqk] C:\documents and settings\dell user\local settings\temp\gqk.exe
O4 - HKLM\..\Run: [LSPzHh9D] C:\documents and settings\dell user\local settings\temp\LSPzHh9D.exe
O4 - HKLM\..\Run: [oeH5] C:\documents and settings\dell user\local settings\temp\oeH5.exe
O4 - HKLM\..\Run: [lameshit] C:\crash.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINNT\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Defenders\Trojan Hunter\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [svnlitup32] svnlitup32.exe
O4 - HKLM\..\RunServices: [Windos Manage] qzfdx.exe
O4 - HKLM\..\RunServices: [svnlitup32] svnlitup32.exe
O4 - HKCU\..\Run: [svnlitup32] svnlitup32.exe
O4 - HKCU\..\RunServices: [svnlitup32] svnlitup32.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Defenders\Ewido LogFiles\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Defenders\Ewido LogFiles\security suite\ewidoguard.exe