Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win Fixer 2005

Started by newks44 , Jul 22 2005 05:27 AM

  • Please log in to reply

#16
newks44
Posted 25 July 2005 - 10:49 AM

newks44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Cretemonster.

Here is my latest Hijack This Log. I would be pleased to link up with you on Yahoo! Messenger. My Yahoo! ID is newks44 as it is here. What's yours only my Yahoo! Messenger is set to ignore anyone who is not on my Messenger list?


Logfile of HijackThis v1.99.1
Scan saved at 16:55:46, on 25/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\EPSON\ESM2\STMS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eclipse.net.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {9068A414-3AF9-4F79-AF1C-E6EA415BAF52} - C:\WINDOWS\repair\javacom.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\bdnagent.exe
O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup151.cab
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq...D_v4_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{17DDC148-BA6A-4201-902F-53080E4E06DE}: NameServer = 212.104.130.9 212.104.130.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{17DDC148-BA6A-4201-902F-53080E4E06DE}: NameServer = 212.104.130.9 212.104.130.65
O20 - Winlogon Notify: javacom - C:\WINDOWS\repair\javacom.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

Advertisements

#17
Wizard
Posted 25 July 2005 - 12:52 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,I added you to the Yahoo list!

Lets give this a try!

Now you have the Registry file!

Reboot into Safe Mode

Find the Registry File you downloaded and Double Click it to execute the file!

When Prompted,Click "YES" to allow it to merge into the Registry!

Open HijackThis and Put a check next to these entries

O2 - BHO: MSEvents Object - {9068A414-3AF9-4F79-AF1C-E6EA415BAF52} - C:\WINDOWS\repair\javacom.dll

O20 - Winlogon Notify: javacom - C:\WINDOWS\repair\javacom.dll

Close any other open Windows and Click "Fix Checked"

Now,Open Pocket KillBox and Copy&Paste each entry below into the "Full Path of File to Delete"!

C:\WINDOWS\msxct1.ini
C:\WINDOWS\repair\javacom.dll
C:\WINDOWS\repair\javacom.bak1
C:\WINDOWS\repair\javacom.bak2
C:\WINDOWS\repair\javacom.ini
C:\WINDOWS\repair\javacom.ini2
C:\WINDOWS\repair\javacom.tmp
C:\WINDOWS\repair\mocavaj.dll
C:\WINDOWS\repair\mocavaj.bak1
C:\WINDOWS\repair\mocavaj.bak2
C:\WINDOWS\repair\mocavaj.ini
C:\WINDOWS\repair\mocavaj.ini2
C:\WINDOWS\repair\mocavaj.tmp
C:\DOCUMENTS AND SETTINGS\JOHN\LOCAL SETTINGS\TEMP\bundle.inf
C:\DOCUMENTS AND SETTINGS\JOHN\LOCAL SETTINGS\TEMP\delwbi.tmp
C:\Documents and Settings\John\Local Settings\Temp\180sainstallersilsais1.exe
C:\Documents and Settings\John\Local Settings\Temp\DelB.tmp
C:\Documents and Settings\John\Local Settings\Temp\eryakgyq.exe
C:\Documents and Settings\John\Local Settings\Temp\resC.tmp
C:\Documents and Settings\John\Local Settings\Temp\wjhhcqpa.exe
C:\PROGRAM FILES\180searchassistant


As you paste each in-> Click the Red Circle to Delete!

Click "YES" to Confirm the deletion process

Click "NO" to Reboot Now!

Once you have pasted the very last entry into Killbox

Click "YES" to Confirm the deletion process

Click "YES" to Reboot Now!

If Killbox can succeed at Rebooting the PC then the PC will restart automatically!

If it cant then you will see a message like this

PendingFileRenameOperations Registry Data has been Removed by External Process!

If that happens-> Click "OK" and Restart the PC the Normal Way!

Post back with a fresh HijackThis log once completed!

Edited by Cretemonster, 25 July 2005 - 12:58 PM.

  • 0

#18
newks44
Posted 26 July 2005 - 03:07 AM

newks44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Cretemonster


I've carried out your latest instructions. Here is the latest Hijackthis Log. I was just in the process of creating the latest log and copying it to this reply sheet when up popped a Win Fixer ad/download prompt. As you said before it really is a stubborn little bug.









Logfile of HijackThis v1.99.1
Scan saved at 10:02:52, on 26/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\EPSON\ESM2\STMS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eclipse.net.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {9068A414-3AF9-4F79-AF1C-E6EA415BAF52} - C:\WINDOWS\repair\javacom.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\bdnagent.exe
O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup151.cab
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq...D_v4_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{17DDC148-BA6A-4201-902F-53080E4E06DE}: NameServer = 212.104.130.9 212.104.130.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{17DDC148-BA6A-4201-902F-53080E4E06DE}: NameServer = 212.104.130.9 212.104.130.65
O20 - Winlogon Notify: javacom - C:\WINDOWS\repair\javacom.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#19
Wizard
Posted 26 July 2005 - 03:36 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
YAHOO!!
  • 0

#20
newks44
Posted 26 July 2005 - 05:00 AM

newks44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Cretemonster! Not quite sure what to make of the reply - "Yahoo!" . I take it to mean that we've eradicated the bug but as I indicated every so often a Win Fixer Ad /Download prompt gets through.
  • 0

#21
newks44
Posted 26 July 2005 - 03:18 PM

newks44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Cretemonster.

I have had no further pop up ads/downloads from Win Fixer since the one I told you about this morning.

Do I take it then that you have helped me eradicate the bug? I can only assume that the latest Hijackthis Log was favourable.
  • 0

#22
Wizard
Posted 27 July 2005 - 04:59 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Lets hook up on Yahoo today!

Maybe we can get the registry cleaned up!


Be alot easier for me to explain it to ya via messenger!
  • 0

#23
newks44
Posted 27 July 2005 - 11:01 AM

newks44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Cretemonster

I'm not sure whether your last posting here was made before or after I sent you instant messages on Yahoo! Messenger.

As I said in my last instant message we have to arrange a mutually convenient time to link up bearing in mind the time differences.

I'll wait to hear from you on Yahoo!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP