Your personal data successfully tracked

Discussion in 'Malware Help (A Specialist Will Reply)' started by sparknova, Feb 12, 2006.

  1. sparknova

    sparknova Private E-2

    The above message (Your personal data tracked successfully. Click here to clean all tracks now.) appears on my background as well as at the top and bottom of all webpages I open. I've run all the prelim steps; attached is my log. Thank you for any help.
     

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    1. Download and Install CCleaner
      • Note that, when asked to run CCleaner, you should run ONLY the default scan (Windows Tab). Do Not “Scan For Issues”!

    2. Download FixWareout by Lonny and save it to your Desktop.


    3. Download & Install Ewido Security Suite
      • Be sure to uncheck Install background guard and Install scan via context menu when you Install Ewido.
      • After installing EWIDO, please update its definitions by Clicking the Update Button > Start.
      • Just leave it for now. You'll be running it shortly ;)

    4. Please locate your download of FixWareout and INSTALL it.
      • Be sure that Run fixit is checked.
      • Click Finish to begin the fix.
      • Follow the prompts and Reboot when asked to do so.
      • Upon Reboot, follow the prompts and HijackThis should open.

    5. After HJT opens, Click Scan and then Check the boxes for the following, if they should remain:

      O17 - HKLM\System\CCS\Services\Tcpip\..\{462FC00A-8E88-4885-A438-3511C395FD9F}: NameServer = 85.255.116.118,85.255.112.205
      O17 - HKLM\System\CCS\Services\Tcpip\..\{62FF7A85-F754-4162-831D-66F230C8AD3B}: NameServer = 85.255.116.118,85.255.112.205
      O17 - HKLM\System\CCS\Services\Tcpip\..\{77A790CB-BA2E-48E9-ACE1-CE16B95EB97A}: NameServer = 85.255.116.118,85.255.112.205
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C349B450-C6A8-4649-B45F-76665FFD4A37}: NameServer = 85.255.116.118,85.255.112.205


    6. Now, run CCleaner. Be sure you only run the Default Scan (Windows Tab) and select Run Cleaner. Do not run any other options from other tabs.


    7. Please Boot to Safe Mode!
      • Open Ewido and Select Scanner. Click Settings, make sure ALL boxes are checked under How to Scan & Unwanted Software and that Scan Every File has been selected.
      • When EWIDO has been configured correctly, click OK.
      • Click Complete System Scan to begin the scan. Allow EWIDO to clean all that it finds and then save the log to where you can find it easily.

    8. Please do the Online Scan below and have it clean what it finds:
    9. After ALL of the above has been completed, please REBOOT to normal Windows, scan with HijackThis and ATTACH that log. Please save and attach the logs from the Panda Scan, the EWIDO scan, and the log found at C:\fixwareout\report.txt as well.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.
     
  3. sparknova

    sparknova Private E-2

    I don't notice the message or popups on webpages anymore, but the advertisement is still on my desktop background. I attached the logs; one of them wouldn't save properly, I think it was Ewido.
     

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Spy Sweeper

    ( If you have purchased either of these you can leave them! )

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    F2 - REG:system.ini: UserInit=userinit.exe

    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [MONITER] nmdllw.exe
    O4 - HKLM\..\Run: [msag] ftbar.exe
    O4 - HKLM\..\RunOnce: [mcagntps.dll] rundll32.exe advpack.dll,RegisterOCX c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
    O4 - HKCU\..\Run: [typeconf] typeconf.exe
    O4 - HKCU\..\Run: [xsetup] startman.exe
    O4 - HKCU\..\Run: [clamav] runload32.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Lycos Delete this whole folder if it exists!

    C:\Documents and Settings\Jon\Favorites\1111 Delete this whole folder if it exists!

    C:\WINDOWS\msxct1.ini

    C:\WINDOWS\system32\r.exe

    C:\WINDOWS\system32\nmdllw.exe

    C:\WINDOWS\system32\ftbar.exe

    C:\WINDOWS\system32\typeconf.exe

    C:\WINDOWS\system32\startman.exe

    C:\WINDOWS\system32\runload32.exe

    C:\WINDOWS\system32\944815a19c5.exe

    Next, run CCleaner to clean up cookies and temp files.


    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Finally, I would like you to flush your System Restore points. Please follow the instructions below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
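The two fix lists above (the O17 NameServer entries in post 2 and the O4 autorun entries in post 4) follow a pattern a helper can triage automatically: autorun values that name a bare executable with no path, and interface NameServer values pointing at resolvers the user never configured. The script below is an added example for this thread, not code from MajorGeeks or from HijackThis; the sample log is constructed from the entries quoted in the posts, and the TRUSTED_RESOLVERS allow-list is an assumption standing in for whatever resolvers a given machine should actually use.

```python
"""Triage HijackThis-style O4 (autorun) and O17 (NameServer) log lines.

Added example for this thread; not MajorGeeks' or HijackThis's own code.
SAMPLE_LOG is constructed from the entries quoted in the posts above.
"""
import re
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed sample log: the thread's O4/O17 entries plus one benign O17 line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MONITER] nmdllw.exe
O4 - HKLM\..\RunOnce: [mcagntps.dll] rundll32.exe advpack.dll,RegisterOCX c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
O4 - HKCU\..\Run: [clamav] runload32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{462FC00A-8E88-4885-A438-3511C395FD9F}: NameServer = 85.255.116.118,85.255.112.205
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABCD}: NameServer = 192.168.1.1
"""

# Assumed allow-list (hypothetical): resolvers this machine is expected to use,
# e.g. the LAN router. Anything outside these ranges is reported for review.
TRUSTED_RESOLVERS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")


def triage_line(line: str) -> Optional[dict]:
    """Return a finding for a suspicious O4/O17 line, or None if it looks fine."""
    m = O4_RE.match(line)
    if m:
        first = m.group("cmd").split()[0]
        # A bare executable name (no drive letter, no directory) is resolved by
        # the PATH search at logon; the thread's nmdllw.exe/runload32.exe entries
        # all have this shape. rundll32.exe lines are flagged too so the DLL
        # argument gets a look (the RunOnce entry above was in the fix list).
        if "\\" not in first and ":" not in first:
            return {"kind": "O4", "item": m.group("name"),
                    "reason": "path-less autorun command " + first}
        return None
    m = O17_RE.match(line)
    if m:
        unexpected = []
        for server in m.group("servers").split(","):
            addr = ip_address(server.strip())
            if not any(addr in net for net in TRUSTED_RESOLVERS):
                unexpected.append(str(addr))
        if unexpected:
            return {"kind": "O17", "item": m.group("key"),
                    "reason": "unexpected NameServer " + ",".join(unexpected)}
    return None


def triage_log(text: str) -> List[dict]:
    """Run triage_line over every line of a HijackThis-style log."""
    findings = (triage_line(line) for line in text.splitlines())
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding["kind"], finding["item"], "->", finding["reason"])
```

Run against the constructed sample it reports the three path-less autorun entries and the O17 line pointing at the 85.255.x.x resolvers, and stays quiet on the KHost.exe entry (full path) and the 192.168.1.1 resolver (inside the allow-list). The heuristic is deliberately simple: it surfaces candidates for the kind of manual review bjgarrick performs above, it does not decide what to delete.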
