Can't remove Hijacker

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rkmcdon, Dec 12, 2005.

  1. Rkmcdon

    Rkmcdon Private E-2

    Hello, about 4 days ago I managed to get a hijacker on my computer and now, regardless of what I'm doing, every minute or so it opens IE with pop-ups and ads. It was usually trying to open a page to ad-w-a-r-e.com. I went through all the steps outlined in the "READ & RUN ME FIRST Before Asking for Support" thread without avail, though now it just pops up various ads and I don't get the ad-w-a-r-e.com page anymore (or at least not as often).

    After going through all of the suggested steps, I downloaded, installed, and ran HijackThis as instructed in the post and I'm attaching my log file.

    Please, if anyone can help, it would be greatly appreciated. I had NAV, Spybot S&D, and Ad-aware on my computer before this happened and obviously they weren't enough, and I've read about steps to remove this in several forums after googling ad-w-a-r-e.com but still have had no luck.

    Thanks for the help!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks. I see a Look 2 Me infection and a few other things. Let's start by running the steps in the below link and posting the requested log. It should take care of Look 2 Me and may also get the a-d-w-a-r-e.com problem.

    Running Spy Sweeper
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have to log off now but to keep you moving along, I have posted some additional things to do. Some of this may or may not still be the same after running Spy Sweeper. Just ignore anything that no longer exists and continue.

    First go to Add/Remove programs and uninstall any of the below if found:
    MyWaySa or MyWay Search Assistant

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
    O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
    O4 - HKCU\..\Run: [wfuf] C:\PROGRA~1\COMMON~1\wfuf\wfufm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O20 - Winlogon Notify: Run- - C:\WINDOWS\system32\h6j4lg1q16.dll
    O20 - Winlogon Notify: URL - C:\WINDOWS\system32\sbndcmsg.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Common Files\wfuf <--- the whole folder
    C:\Program Files\MyWaySA <--- the whole folder
    C:\WINDOWS\system32\igps.exe
    C:\windows\timessquare.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right-click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, click OK. When it finishes click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
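    Added here as a worked example, not code from the thread, from HijackThis or from MajorGeeks: a small Python triage that runs the HJT entries quoted above through the kind of rules the post applies by hand (MyWay start page, nameless search hook and toolbar, unknown autostarts, IE policy restrictions, and the Winlogon Notify DLL that marks the Look 2 Me infection). The baselines of known-good names and the two benign log lines are constructed for the demonstration.

```python
import re

# Sample HijackThis log: entries copied from the thread above, plus two constructed
# benign lines (ctfmon.exe autostart, crypt32 Winlogon Notify) to show clean entries passing.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: Run- - C:\WINDOWS\system32\h6j4lg1q16.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
"""

# Constructed baselines for the demo; real triage compares against a vetted clean machine.
KNOWN_RUN_EXES = {"ctfmon.exe"}
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}
UNWANTED_URL_FRAGMENTS = ("dell4me.com/myway",)  # the MyWay start-page hijack from the thread

def parse_line(line):
    # Split "O4 - body" into its HJT section code and body; None for non-entry lines.
    m = re.match(r"^([RO]\d+) - (.+)$", line.strip())
    return (m.group(1), m.group(2)) if m else None

def image_name(body):
    # Lower-cased basename of the last .exe/.dll an entry references (brackets/quotes excluded).
    names = re.findall(r'[^\\\s"\[\]]+\.(?:exe|dll)', body, re.IGNORECASE)
    return names[-1].lower() if names else None

def flag_entry(kind, body):
    # Return the reasons an entry deserves a second look; an empty list means it looks clean.
    low, reasons = body.lower(), []
    if kind in ("R0", "R1") and any(f in low for f in UNWANTED_URL_FRAGMENTS):
        reasons.append("IE start/default page points at a known hijack URL")
    if kind in ("R3", "O3") and "(no name)" in low:
        reasons.append("nameless search hook or toolbar, a classic hijacker footprint")
    if kind == "O4" and image_name(body) not in KNOWN_RUN_EXES:
        reasons.append("autostart executable not in the baseline")
    if kind == "O6" and "policies\\microsoft\\internet explorer" in low:
        reasons.append("IE policy restriction set; hijackers use these to lock settings")
    if kind == "O20" and image_name(body) not in KNOWN_NOTIFY_DLLS:
        reasons.append("Winlogon Notify DLL outside the baseline (how Look2Me loads itself)")
    return reasons

def triage(log_text):
    # Run every log line through the rules; return [(line, reasons)] for flagged entries only.
    findings = []
    for raw in log_text.strip().splitlines():
        parsed = parse_line(raw)
        reasons = flag_entry(*parsed) if parsed else []
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings
```

    Running `triage(SAMPLE_LOG)` flags six of the eight entries and passes the two baseline ones, which is the same split the post above arrives at by inspection.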
     
  4. Rkmcdon

    Rkmcdon Private E-2

    Man, thanks for the speedy reply. I'm at work now but will go through these steps as soon as I'm home and let you know how it goes.

    Thanks again!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Don't forget to post the SpySweeper and HJT logs when you complete the steps in both messages.
     
  6. Rkmcdon

    Rkmcdon Private E-2

    Well, I'm cautiously optimistic, but it looks like the problem is, at the very least, much better, if not completely resolved.

    I followed all of the steps you've outlined above and here are my HJT and Spy Sweeper logs. Please note, the Spy Sweeper log is from the original Spy Sweeper run that I did prior to the steps taken in the post where you had me fix several HJT entries (among other things). I have since re-run Spy Sweeper and can post this log as well if you need it.

    Let me know if I need to do anything else or if I can breathe a sigh of relief.

    Once again, thank you for your help. There was NO way I was going to get even this far by myself. Your time is GREATLY appreciated.

    R
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Your problems should be gone now! One item still remains in your log that I asked you to fix:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

    Did you fix this and also Reset Web Settings? You have to make sure that when MS Antispyware or Spybot detect the changes to your settings that you allow the change or it will not work. This Dell Myway is a mild form of malware that Dell will deny. In fact many Dell Tech Support people will blatantly say that they do not install MyWay on their systems. And then when you show them the info, they say oh yeah, we install that. It is not a problem. MyWay has long been a malware item that everyone always removes and for some dumb reason Dell has associated themselves with MyWay. BAD IDEA!

    I would now uninstall either SpySweeper or MS Antispyware. Do not keep both on your system now that you are clean. If you do not mind buying an application, I would keep SpySweeper and buy it when the 14 day trial ends. Otherwise keep MS Antispyware which is currently still free (but it is not as good as SpySweeper).

    Now you should check out the below:

    How to Protect yourself from malware!
     
  8. Rkmcdon

    Rkmcdon Private E-2

    Outstanding! I cannot thank you enough for this.

    I did fix the Dell MyWay entries as instructed and reset web settings after. I think I have Spybot set to prevent web setting changes though. I will disable that and re-clean the MyWay stuff, but worst-case scenario I can live with this, because as it currently stands I have NO MORE POPUPS!

    You responded unbelievably fast and your solution was dead on. I couldn't have hoped for as much but you did it. Thanks again for your help.

    R
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
