September 17th, 2005 15:00

Winfixer2005 is creating havoc..please help

Hi,
I am in deep trouble because of winfixer2005..
Whenever I log in .. Windows Installer starts and could not complete because of Norton... then winfixer 2005 popups keep coming .. sometimes some advertisements open up in the browser..
Please help me out....

Following is my HJT log...

​ Logfile of HijackThis v1.99.1 ​
​Scan saved at 12:44:15 PM, on 9/17/2005 ​
​Platform: Windows XP SP2 (WinNT 5.01.2600) ​
​MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) ​
​ Running processes: ​
​C:\WINDOWS\System32\smss.exe ​
​C:\WINDOWS\system32\csrss.exe ​
​C:\WINDOWS\system32\winlogon.exe ​
​C:\WINDOWS\system32\services.exe ​
​C:\WINDOWS\system32\lsass.exe ​
​C:\WINDOWS\system32\svchost.exe ​
​C:\WINDOWS\system32\svchost.exe ​
​C:\WINDOWS\System32\svchost.exe ​
​C:\Program Files\Intel\Wireless\Bin\EvtEng.exe ​
​C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe ​
​C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe ​
​C:\WINDOWS\system32\svchost.exe ​
​C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe ​
​C:\WINDOWS\system32\svchost.exe ​
​C:\WINDOWS\Explorer.EXE ​
​C:\Program Files\Common Files\Symantec Shared\ccProxy.exe ​
​C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe ​
​C:\Program Files\Norton Internet Security\ISSVC.exe ​
​C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe ​
​C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe ​
​C:\WINDOWS\system32\spoolsv.exe ​
​C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe ​
​C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe ​
​C:\WINDOWS\system32\CTsvcCDA.EXE ​
​C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe ​
​C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe ​
​C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe ​
​C:\WINDOWS\system32\wdfmgr.exe ​
​C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ​
​C:\WINDOWS\system32\hkcmd.exe ​
​C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ​
​C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ​
​C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe ​
​C:\WINDOWS\system32\dla\tfswctrl.exe ​
​C:\Program Files\Dell\Media Experience\DMXLauncher.exe ​
​C:\Program Files\Common Files\Symantec Shared\ccApp.exe ​
​C:\WINDOWS\System32\alg.exe ​
​C:\Program Files\Common Files\Real\Update_OB\realsched.exe ​
​C:\Program Files\Microsoft AntiSpyware\gcasServ.exe ​
​C:\Program Files\support.com\bin\tgcmd.exe ​
​C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe ​
​C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe ​
​C:\Program Files\Dell Support\DSAgnt.exe ​
​C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe ​
​C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe ​
​C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe ​
​C:\WINDOWS\System32\svchost.exe ​
​C:\Program Files\Digital Line Detect\DLG.exe ​
​C:\Program Files\Internet Explorer\iexplore.exe ​
​C:\Program Files\Internet Explorer\iexplore.exe ​
​C:\Program Files\Internet Explorer\iexplore.exe ​
​C:\Program Files\Internet Explorer\iexplore.exe ​
​C:\HJT\HijackThis.exe ​
​C:\Program Files\Messenger\msmsgs.exe ​
​ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ​​http://bfc.myway.com/search/de_srchlft.html​​ ​
​R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast ​
​R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll ​
​O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll ​
​O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll ​
​O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\byvtt.dll ​
​O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll ​
​O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll ​
​O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll ​
​O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll ​
​O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll ​
​O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll ​
​O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll ​
​O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll ​
​O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe ​
​O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe ​
​O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ​
​O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless ​
​O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" ​
​O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r ​
​O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime ​
​O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe ​
​O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ​
​O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ​
​O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer ​
​O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot ​
​O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" ​
​O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server ​
​O4 - HKLM\..\Run: [POINTER] point32.exe ​
​O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe ​
​O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe ​
​O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE ​
​O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray ​
​O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup ​
​O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet ​
​O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R ​
​O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe ​
​O4 - Global Startup: Digital Line Detect.lnk = ? ​
​O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE ​
​O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe ​
​O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present ​
​O8 - Extra context menu item: &Search - ​​http://ka.bar.need2find.com/KA/menusearch.html?p=KA​ ​
​O8 - Extra context menu item: &Yahoo! Search - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycsrch.htm ​
​O8 - Extra context menu item: Yahoo! &Dictionary - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycdict.htm ​
​O8 - Extra context menu item: Yahoo! &Maps - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycmap.htm ​
​O8 - Extra context menu item: Yahoo! &SMS - ​​file:///C:\Program​​ Files\Yahoo!\Common/ycsms.htm ​
​O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll ​
​O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll ​
​O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll ​
​O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - ​​http://www.comcast.net/​​ (file missing) ​
​O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - ​​http://www.comcastsupport.com/​​ (file missing) ​
​O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - ​​http://online.comcast.net/help/​​ (file missing) ​
​O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll ​
​O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ​
​O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ​
​O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - ​​http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409​​ ​
​O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - ​​http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab​​ ​
​O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll ​
​O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - ​​http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802​​ ​
​O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - ​​http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab​​ ​
​O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - ​​http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,25​​ ​
​O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - ​​http://static.35mb.com/applet/applet_o.cab​​ ​
​O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) ​
​O20 - Winlogon Notify: byvtt - C:\WINDOWS\system32\byvtt.dll ​
​O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll ​
​O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll ​
​O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe ​
​O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe ​
​O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe ​
​O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe ​
​O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe ​
​O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE ​
​O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe ​
​O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe ​
​O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe ​
​O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe ​
​O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe ​
​O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe ​
​O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe ​
​O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe ​
​O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe ​
​O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe ​
​O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ​
​O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe ​
​ ​

1 Message

September 17th, 2005 17:00

Hi there,

I may not be able to help you, but I have been having the exact same problem with my computer. This winfixer bull has got ahold of me something awful. After hours of reading posts on dozens of websites, and doing everything that was suggested to fix the problem (all the while being dragged around the internet to places I didn't want to go because of this bug, and bookmarks being added to places), but nothing worked... except I did get my system to crash into the ground! Hard!!! Spent hours upon hours to try to get it to boot... nothing worked... so then forever on the phone with a technical rep from Dell. For some reason, almost the last step before we wiped out everything, it all of a sudden wanted to start up as if nothing happened.... Then it worked great until this morning... It is happening all over again... so if there is anybody out there who can really help with this winfixer problem, by all means..... thanks

3 Apprentice

 • 

15.2K Posts

September 17th, 2005 17:00

saurabhkumar 
if the forum moderator doesn't move this thread over automatically, please repost your log in the HiJackThis forum, here:
 
 
 
catnip
you also should generate a HiJackThis Log, and post it, as follows:
Download the latest version of HJT(hijackthis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

you must create a separate folder and place it there.... people commonly use C:\HJT.   Note:  Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer.   If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Supplemental note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people.   Nevertheless, it seems that many individuals try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b) BAD:  using a TEMP directory or your DESKTOP for HJT....
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
if you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to moving it for you... or until you decide to repost your log...  in the HiJackThis forum.
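
Added example, not part of the original thread and not HijackThis's own code: a read-only Python sketch that parses the entry lines of a HijackThis v1.99.1 log like the one posted above, then lists files referenced from more than one section and entries marked "(file missing)". The sample lines are copied from the log in this thread; the function names are hypothetical, and the output is a reading aid for the log, not a verdict on any entry.

```python
import re
from collections import defaultdict

# Entry lines start with a section code such as R3, O2, O20 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the entry that ends in .dll or .exe.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)

# Lines copied from the log in this thread. The zero-width spaces (U+200B)
# that the forum page wraps around each line are re-added below.
LINES = [
    r"Logfile of HijackThis v1.99.1",
    r"C:\WINDOWS\Explorer.EXE",
    r"O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\byvtt.dll",
    r"O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll",
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe",
    r"O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll",
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)',
    r"O20 - Winlogon Notify: byvtt - C:\WINDOWS\system32\byvtt.dll",
]
SAMPLE = "\n".join("\u200b" + line + " \u200b" for line in LINES)

def parse_hjt(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.replace("\u200b", "").strip()  # drop copy-paste debris
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        p = PATH.search(body)
        entries.append({
            "section": section,
            "body": body,
            "path": p.group(0).lower() if p else None,  # Windows paths are case-insensitive
            "missing": body.endswith("(file missing)"),
        })
    return entries

def shared_modules(entries):
    """Map each file referenced from two or more sections to those sections."""
    by_path = defaultdict(set)
    for e in entries:
        if e["path"]:
            by_path[e["path"]].add(e["section"])
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}

def missing_files(entries):
    """Entries HijackThis itself marked as pointing at a missing file."""
    return [e for e in entries if e["missing"]]
```
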
 