Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

#$@! WinFixer 2005 Popups [CLOSED]


  • This topic is locked This topic is locked

#1
RatherPlayHalo

RatherPlayHalo

    New Member

  • Member
  • Pip
  • 1 posts
All of a sudden, I started getting popups designed as a yes or no dialog box telling me that 'I should let WinFixer scan my registry' or something. No matter what I click, it opens up their website and prompts me to download this piece of crap.

This seems to be happening in all of my browsers (IE, Netscape, Firefox). I did multiple scans with Microsoft Antispyware and Spyware Dr. I did a HijackThis thing and deleted everything that it found. All to no avail. Please help. Also, is there a way to fix this without downloading more scanning apps? I've tried soooo many like CCleaner and AVG and the whole lot. There should just be a file I can delete, right?

Logfile of HijackThis v1.99.1
Scan saved at 4:07:50 PM, on 8/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\toht\cwer.exe
C:\Documents and Settings\Kyle\Desktop\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\zeib.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

Edited by RatherPlayHalo, 05 August 2005 - 02:07 PM.

  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I'm afraid so. You have to use other tools to help us diagnose your problem. Otherwise, it will be like looking for a needle in a haystack. And when it comes to spyware/viruses, that's a big haystack :tazz:

OK, before we continue on, I want you to run these if you haven't done them already (skip them if you ran them already - this is standard procedure, so you must run them, if you want we can tell you which ones you can uninstall at the end - just ask us ;) ):

Please read this topic and follow the steps outlined there. You must install XP SP1a (hold off on SP2 until your computer is cleaned up) before we can proceed any further. Without it you are wide open to many security attacks. After you do all that, post a new HijackThis log.
  • 0

#3
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP