HijackThis Log and Spyware Problems

[twiztidmxcn]

So I have a major spyware problem, I've run both Ad-Aware and the CWS Shredder as well as full virus scan.

I know the general problem is either CWS Look At Me/VX2 thingamabob and the problem is I keep getting insane amounts of popups going on with my browser.

Basically, I've run AdAware VX cleaner and it keeps coming up and saying I may have a new variant, check the log file and submit it, but to where who knows.

I've gone through the sticky-ied post about cleaning CoolWebSearch and it has yet to actually help me completely rid myself of it.

So, attached are my VX File Log (from Ad Aware VX Cleaner) and my HijackThis log. *edit* I ran the program DLL Compare and have posted that log file as well.

any help would be much appreciated.

 

[RealBlackStuff]

C:\Documents and Settings\matt\Desktop\hijack\HijackThis.exe
put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.

First Read: Only use these HJT-instructions when asked!
/R/ unRegister the xxx.DLL in that line
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
/R/ O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\e4020edoeh0c0.dll
/R/ C:\WINDOWS\SYSTEM32\ktlsl7~1.dll
/R/ C:\WINDOWS\SYSTEM32\ngdeapi.dll
/R/ C:\WINDOWS\SYSTEM32\rxchost.dll
/R/ C:\WINDOWS\SYSTEM32\t68u0g~1.dll
...................................................................................................

If all else fails:
Download PocketKillbox here: http://www.downloads.subratam.org/KillBox.zip. Extract it from the zip file, remember where it goes.
Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, fill in the full path/filename you want to delete.
Click on the Action menu and choose "Delete on Reboot". In the Action menu select "Process and Reboot".
When prompted to reboot, do so.

 

[twiztidmxcn]

still having major problems

I did all that in safe mode, deleted all restore files and whatnot

i was unable to unregister the DLL files, it came up with an error stating something along the lines of "this file cannot be deleted because it is in use by another process'

however, i click ctrl+alt+del and i cant end any of the processes because they are critical to the system

so when i deleted most of the files, i can use killbox and it deleted 1 or 2 more and then when i reboot, the files just magically have reinstalled, even with no connection to the internet, and low and behold they're different names

help me please, aaaaaaaaa

 

[RealBlackStuff]

Read: How to remove Trojans and its ilk!