download and run Atribune's VUndoFix, per directions here: http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=29584

Hi

pls help me in removing this winfixer 2006 popups.

my log file of hijack is

Logfile of HijackThis v1.99.1
Scan saved at 10:56:55, on 21/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\IDispChg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Subramanian Selvam\Local Settings\Temp\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\e002lado1d0c.dll

 

 

and virtumundotobe gone is

[03/23/2006, 1:57:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Subramanian Selvam\Desktop\VirtumundoBeGone.exe" )
[03/23/2006, 1:57:09] - Detected System Information:
[03/23/2006, 1:57:09] -  Windows Version: 5.1.2600, Service Pack 2
[03/23/2006, 1:57:09] -  Current Username: Subramanian Selvam (Admin)
[03/23/2006, 1:57:09] -  Windows is in NORMAL mode.
[03/23/2006, 1:57:09] - Searching for Browser Helper Objects:
[03/23/2006, 1:57:09] - Finished Searching Browser Helper Objects
[03/23/2006, 1:57:09] - Finishing up...
[03/23/2006, 1:57:09] - Nothing found! Exiting...

[03/23/2006, 2:01:43] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\SUBRAM~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0JKL4N67\VirtumundoBeGone[1].exe" )
[03/23/2006, 2:01:45] - Detected System Information:
[03/23/2006, 2:01:45] -  Windows Version: 5.1.2600, Service Pack 2
[03/23/2006, 2:01:45] -  Current Username: Subramanian Selvam (Admin)
[03/23/2006, 2:01:45] -  Windows is in NORMAL mode.
[03/23/2006, 2:01:45] - Searching for Browser Helper Objects:
[03/23/2006, 2:01:45] - Finished Searching Browser Helper Objects
[03/23/2006, 2:01:45] - Finishing up...
[03/23/2006, 2:01:45] - Nothing found! Exiting...

and vundo fix

also says nothing

 

pls help me.

 

i ahve tired all poss scanners in the world (adaware, spybot,spyware doctor,trojan hunter,windows defender,mcafee antivirus and trend micro (including shreadder) and spy subtract by trned micro)

still i get popups

Hi

pls help me in removing this winfixer 2006 popups.

my log file of hijack is

Logfile of HijackThis v1.99.1
Scan saved at 10:56:55, on 21/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\IDispChg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Subramanian Selvam\Local Settings\Temp\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\e002lado1d0c.dll

 

 

and virtumundotobe gone is

[03/23/2006, 1:57:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Subramanian Selvam\Desktop\VirtumundoBeGone.exe" )
[03/23/2006, 1:57:09] - Detected System Information:
[03/23/2006, 1:57:09] -  Windows Version: 5.1.2600, Service Pack 2
[03/23/2006, 1:57:09] -  Current Username: Subramanian Selvam (Admin)
[03/23/2006, 1:57:09] -  Windows is in NORMAL mode.
[03/23/2006, 1:57:09] - Searching for Browser Helper Objects:
[03/23/2006, 1:57:09] - Finished Searching Browser Helper Objects
[03/23/2006, 1:57:09] - Finishing up...
[03/23/2006, 1:57:09] - Nothing found! Exiting...

[03/23/2006, 2:01:43] - VirtumundoBeGone v1.5 ( "C:\DOCUME~1\SUBRAM~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0JKL4N67\VirtumundoBeGone[1].exe" )
[03/23/2006, 2:01:45] - Detected System Information:
[03/23/2006, 2:01:45] -  Windows Version: 5.1.2600, Service Pack 2
[03/23/2006, 2:01:45] -  Current Username: Subramanian Selvam (Admin)
[03/23/2006, 2:01:45] -  Windows is in NORMAL mode.
[03/23/2006, 2:01:45] - Searching for Browser Helper Objects:
[03/23/2006, 2:01:45] - Finished Searching Browser Helper Objects
[03/23/2006, 2:01:45] - Finishing up...
[03/23/2006, 2:01:45] - Nothing found! Exiting...

and vundo fix

also says nothing

 

pls help me.

 

i ahve tired all poss scanners in the world (adaware, spybot,spyware doctor,trojan hunter,windows defender,mcafee antivirus and trend micro (including shreadder) and spy subtract by trned micro)

still i get popups

krssubbu1

 

due to the highly complex and individualized nature of HiJackThis analysis, we can only work with one person's HJT log per thread.   This thread belongs to the first poster, laurieh7893 .

 

If you would like assistance, please start a new/ separate thread of your own, and [re-]post your HJT log there.

 

By the way, the log you posted above seems very "small"... was that your ENTIRE HJT log?  For what it's worth, your log does not show any of the usual signs of winfixer.... [please do not reply here]