winfixer popup error

while doing stuff at myspace and playing slingo, an error message popped up.

here is a link to the first screen shot
http://i5.photobucket.com/albums/y198/ritaevery/computer_error/firsterr.jpg

when cancel is clicked this ad pops up, here is the screen shot
http://i5.photobucket.com/albums/y198/ritaevery/computer_error/firsterrpagebringsup.jpg

when that is closed this pops up, screen shot below, then when its closed it doesnt bother me again for about an hour.
http://i5.photobucket.com/albums/y198/ritaevery/computer_error/2nderr.jpg

adaware didnt pick anything up, so i ran hijackthis. here is what the log said:

Logfile of HijackThis v1.99.1
Scan saved at 1:15:21 PM, on

8/26/2005
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100

Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100

Admin note: The log layout was chopped up and very difficult to follow so I removed the bulk of it. Newt

can anyone help me fix this annoyance? i did search the site but didnt find any other threads that seemed to be the same problem. maybe i didnt search properly, sorry if this is a repeat of someone elses already fixed problem.

 

Hi Lucky Kitten. You do have some bad stuff but something went wrong with the layout of your Hijackthis log.

Please try another one and just copy/paste the results. Make sure you are running in normal mode with all your startup stuff starting.

 

It does appear you have a problem, please post a new log without any editing. Chopping it up actually makes it harder to read.

 

Normally, windows does not popup error messages telling you that if you have a problem you should go buy or download someone elses programs. Likewise, these windows error messages are not labled Internet explorer.

Your pictures make me feel you are recieving messenger service spam. SP2 should have disabled this, but go to start/ run and type
services.msc
hit enter
locate alerter
double click to open its controls, change its startup options to disabled and click stop service. (This alerts spammers that you are online , you want it off)

Then locate
messenger
and do the same.
This is not msn or windows messenger, it is an old service designed for sending messenges over a home network which spammers have hijacked to send spam to unsuspecting XP users.


As for this winfixer.
Well I am opposed to using such programs. They really do not help. They work by using databases of what they consider to be correct entries (say in the registry) and they fix things by deleting what they do not recognize.
This often causes worse problems.


Likewise, please post a new complete hijackthis log file
Just choose the Do system scan and save logfile option.
When it opens notepad, copy the contents and paste them here.

 

Logfile of HijackThis v1.99.1
Scan saved at 6:09:13 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Amazing Rita ****\downloads\removedesktopvirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =

http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.y

ahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = 156.63.20.95:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}

- C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file

missing)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -

C:\WINDOWS\system32\ssttt.dll
O2 - BHO: MSN Search Toolbar Helper -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no

file)
O3 - Toolbar: MSN Search Toolbar -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program

Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark

X1100 Series\lxbkbmgr.exe "
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN

Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &WordWeb... -

res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Open in new background tab -

res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?961e5737df3b43ba93e1

8298ed772d4c
O8 - Extra context menu item: Open in new foreground tab -

res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?961e5737df3b43ba93e1

8298ed772d4c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}

- C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01234567-1234-1234-1234-012345678921} -

http://images.neopets.com/glophone/neoblue5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) -

http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonni

e/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.

cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload

Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mick

ey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E}

(MavenBootInstallerAXControl Class) -

http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline

Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) -

http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield

International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader

Class) -

http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/Di

gWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.c

ab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdm

gr.cab
O16 - DPF: {DEAB05BD-24DD-46F2-887D-77D04CE7E41D} (APUploadX

Control) - http://www.ialmond.com/ocx/APUploadX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader

Object) -

http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/p

opcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,43

64/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -

http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} -

C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll


i just ran the scan and this is what came up in the log on notepad. i just selected all, copied, and pasted here. this is everything on the log.

 

Yep, you are thoroughly infested with adware and spyware.
How to boot to safe mode
How to view hidden files
How to disable system restore

I see no antivirus program, anti trojan program, antispyware program , anti adware program.
Here are some free ones I want you to get, install, update and run . Some will require you to register and give an email, but they are good, free and reliable.

AVAST free antivirus from Alwil

A Squared free trojan detector and remover from Emsisoft

Spybot search and destroy spyware and keylogger detector and remover This also has an immunize feature to prevent future infestations, and a resident shield to alert you if anything tries to install.

Adaware adware detector and remover

Go to add/ remove programs and if you have mywebsearch installed , uninstall it.


You have a begin2search infestation
http://sarc.com/avcenter/venc/data/adware.begin2search.html
Gives more information on this if you want to read up.
There is probably an icon on your desktop as they mention which you will have to delete once you have done the following.
Open Hijackthis with all other windows closed and put a check by the following and choose fix
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =http://www.seekerbar.com/ie.aspx?tb_id=50154
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
C:\WINDOWS\system32\ssttt.dll
R3 - URLSearchHook: (no name)-{00A6FAF6-072E-44cf-8957-5838F569A31D}
-C:\ProgramFiles\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll

Locate and delete this file
C:\WINDOWS\system32\ssttt.dll

And this folder
C:\ProgramFiles\MyWebSearch



You have the virus VBS_GEDZA.A
Hopefully the antivirus I specified above will find and remove it. If not, there are manual removal instructions at the trend micro site , click the solutions tab.
With all other windows closed run Hijackthis , click the following and choose fix
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
Locate and delete the files
C:\WINDOWS\system32\winmgd.win
C:\WINDOWS\system32\mouse_configurator.win




Are you using the Ohio State Network proxy server?
R1-HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 156.63.20.95:80
If not have hijackthis fix/remove the entery .

I also strongly recommend using Hijackthis to fix/ remove this entry
Redclientapps is partnered with claria, makers of gator and gain one of the largest adware distributors.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://red.clientapps.yahoo.com/cus...sgr*http://my.yahoo.com


Once you have done all this, please also get spyware blaster to add further immunizations to your computer.

I see no sign of norton antivirus still being installed/running so I will also tell you to run hijackthis with all other windows closed, check the following and choose fix if you do not have norton installed and updated.
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

Reboot and go online.
If all is fine, disable system restore, reboot, reenable system restore and go to start/ programs / accessories/ system/ system restore and create a new restore point.
Then run Hijackthis and post a new log to make sure you are clean.

 

i have adaware, spyblaster, and ewido for removing viruses and stuff

i tried to do what you suggested. but my computer wouldnt allow me to see my desktop in safe mode and no start button either. i couldnt run anything in safemode. so i did what you said in regular mode. here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 8:05:50 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Amazing Rita ****\downloads\removedesktopvirus\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?961e5737df3b43ba93e18298ed772d4c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?961e5737df3b43ba93e18298ed772d4c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neoblue5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DEAB05BD-24DD-46F2-887D-77D04CE7E41D} (APUploadX Control) - http://www.ialmond.com/ocx/APUploadX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,00,4364/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll


ewido found 11 viruses btw, i had them all deleted. and the error/popup is still occuring. :/ i even got the popup in safemode and i think thats why i couldnt get my desktop. but i dont know

I cleaned up the log to make it easier to read. markp62

 

I finally removed winfixer

Today my computer is working much better and I finally don't see those winfixer popups anymore