WinFixer is killing me!


  • This topic is locked

#1
crapshooter

I spent 4 hours trying to rid myself of WinFixer on a client's system. I have run Spybot, Norton and Ewido. The system is running XP SP1. I have not yet run HijackThis but I have run Option 1 from L2mfix. The report is attached here as is the report from Ewido.

Please let me know the best way to go from here.

Thanks.

#2
The_Big_G

Welcome to G2G, crapshooter.
Sorry for the delay, but we have been very busy around here with many logs and everyone here volunteers their time.

We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and post your log here. Please do not start a new topic.

Most of what Hijack This lists will be harmless or even essential. DO NOT delete or modify anything yet! I will be along to tell you what steps to take after you post the contents of the scan results.

#3
crapshooter

Sorry it took a while - I couldn't get back to the client. Here are the latest HiJack This (below) and L2MFIX (attached) logs.

Thanks,
Dan


Logfile of HijackThis v1.99.1
Scan saved at 12:44:14 PM, on 9/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Citrix\GoToMyPC\g2svc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Citrix\GoToMyPC\g2comm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Citrix\GoToMyPC\g2pre.exe
D:\Program Files\Citrix\GoToMyPC\g2tray.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
D:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\System32\vidctrl\vidctrl.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
D:\Program Files\Webroot\Shredder\spshredder.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\m?config.exe
D:\Program Files\mate\onsc.exe
D:\Program Files\ACT\SideACT.exe
D:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
D:\Program Files\ACT\act.exe
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Documents and Settings\Irene\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [VBouncer] D:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [GoToMyPC] D:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Desktop Search] D:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] D:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [fsrcgao] d:\windows\system32\fsrcgao.exe
O4 - HKLM\..\Run: [qt6S36P] scr20.exe
O4 - HKLM\..\Run: [D:\WINDOWS\IEXPLOR.EXE] D:\WINDOWS\IEXPLOR.EXE
O4 - HKLM\..\Run: [D:\WINDOWS\WinTask.exe] D:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [StatusClient 2.6] D:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] D:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SpamBlocker] D:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [vidctrl] D:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [svtcin] D:\WINDOWS\system32\n20050308.a.Stub.EXE
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bAp2RWj7Q] scclnt.exe
O4 - HKCU\..\Run: [ufro] D:\PROGRA~1\COMMON~1\ufro\ufrom.exe
O4 - HKCU\..\Run: [PopUpWasher] D:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Spam Shredder] "D:\Program Files\Webroot\Shredder\spshredder.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Syfza] D:\WINDOWS\System32\m?config.exe
O4 - HKCU\..\Run: [Lrom] D:\Program Files\mate\onsc.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = D:\America Online 5.0\aoltray.exe
O4 - Global Startup: SideACT!.lnk = D:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124121405093
O20 - Winlogon Notify: Shell Extensions - D:\WINDOWS\system32\o0pqla751d.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - D:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


#4
tampabelle

Hi Dan,

It is a very sorry state of affairs when people like you scavenge on the FREE assistance provided at this site by me and my fellow colleagues.

This forum is for help to home users and individuals only. It is not for people like you to take FREE help from this site and then charge for your services !!!!

I am closing both your topics.

In case you have any issues with my decision, you are free to contact me with your side of the story.

You also have the option of contacting the administrators on this site !!!!!!!!