Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

WinFixer 2005 [CLOSED]

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 3 posts
When WinFixer 2005 started showing up I couldn't navigate the web without it disrupting every page view and the computer stated shutting down by itself. It may happen now. I'm really out of my league here but I ran all the programs requested and I'm trying to paste in my Hijack This log.
Thanks for whatever help you can give me. I've been at this for days.

(As I was typing the original edit just now TagWorld popped up and shut me down followed by ABC Search, which you cannot get rid of with the back button, so I had to go back to square one and start over again).

There have been a few changes since the original posting. WinFixer 2005 isn't showing up as much but these other ads show up even more and freeze the page. They range from Look2Me, TagWorld, T-Mobile to Jane & ABC Search which require closing down the page to remove them. I use Firefox so I added Adblock, but it only goes so far. I'm getting pretty desparate here. IE starts by itself and downloads dozens of ads at the same time freezing up the computer. And for no reason I can determine the computer reboots itself. When any of these things happen I lose what I've been doing. The scariest thing is I have and run all the latest in anti-virus and anti-spyware and this is still happening. Occasionally IE will start up when I am working offline because I have an "always on" system. I know you are very busy but I really need some help here. And why are all these [bleep] sites in my Hijack This log? I'm trying to finish a project but I'm afraid to use my computer for anything more serious than e-mail checking.

Logfile of HijackThis v1.99.1
Scan saved at 6:53:17 PM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Michael Schaefer\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Michael Schaefer\Application Data\Mozilla\Profiles\default\tsccc1cm.slt\prefs.js)
O1 - Hosts: www1.ndhosting.com
O1 - Hosts: www3.ndhosting.com
O1 - Hosts: www2.ndhosting.com
O1 - Hosts: www.ndhosting.com
O1 - Hosts: www.kinghost.com
O1 - Hosts: kinghost.com
O1 - Hosts: www1.kinghost.com
O1 - Hosts: www2.kinghost.com
O1 - Hosts: www3.kinghost.com
O1 - Hosts: www4.kinghost.com
O1 - Hosts: www5.kinghost.com
O1 - Hosts: www6.kinghost.com
O1 - Hosts: www7.kinghost.com
O1 - Hosts: www8.kinghost.com
O1 - Hosts: www9.kinghost.com
O1 - Hosts: www10.kinghost.com
O1 - Hosts: smutserver.com
O1 - Hosts: agreathost.net
O1 - Hosts: www.agreathost.net
O1 - Hosts: hotfreehost.com
O1 - Hosts: www.hotfreehost.com
O1 - Hosts: greatfreehost.com
O1 - Hosts: www.greatfreehost.com
O1 - Hosts: freesmutpages.com
O1 - Hosts: www.freesmutpages.com
O1 - Hosts: apornhost.com
O1 - Hosts: www.apornhost.com
O1 - Hosts: nasty-pages.com
O1 - Hosts: www.nasty-pages.com
O1 - Hosts: sexyfreehost.com
O1 - Hosts: www.sexyfreehost.com
O1 - Hosts: x4web.com
O1 - Hosts: www.x4web.com
O1 - Hosts: sexplanets.com
O1 - Hosts: www.sexplanets.com
O1 - Hosts: maxismut.com
O1 - Hosts: www.maxismut.com
O1 - Hosts: tgpfriendly.com
O1 - Hosts: www.tgpfriendly.com
O1 - Hosts: tgp-server.com
O1 - Hosts: www.tgp-server.com
O1 - Hosts: magnaplza.com
O1 - Hosts: www.magnaplza.com
O1 - Hosts: free-xxx-server.com
O1 - Hosts: www.free-xxx-server.com
O1 - Hosts: libereco.net
O1 - Hosts: www.libereco.net
O1 - Hosts: 0190-dialer.com
O1 - Hosts: www.0190-dialer.com
O1 - Hosts: xxxod.net
O1 - Hosts: www.xxxod.net
O1 - Hosts: altsights.com
O1 - Hosts: www.altsights.com
O1 - Hosts: adulthosting.com
O1 - Hosts: www.adulthosting.com
O1 - Hosts: superhova.com
O1 - Hosts: www.superhova.com
O1 - Hosts: bestpornhost.com
O1 - Hosts: www.bestpornhost.com
O1 - Hosts: hostingfree.com
O1 - Hosts: www.hostingfree.com
O1 - Hosts: xfreehosting.com
O1 - Hosts: www.xfreehosting.com
O1 - Hosts: blinghosting.com
O1 - Hosts: www.blinghosting.com
O1 - Hosts: x-x-x-hosting.com
O1 - Hosts: www.x-x-x-hosting.com
O1 - Hosts: pornparks.com
O1 - Hosts: www.pornparks.com
O1 - Hosts: sexls.com
O1 - Hosts: www.sexls.com
O1 - Hosts: royalfreehost.com
O1 - Hosts: www.royalfreehost.com
O1 - Hosts: pleasuremedia.com
O1 - Hosts: www.pleasuremedia.com
O1 - Hosts: www.mtree.com
O1 - Hosts: mtree.com
O1 - Hosts: astalavista.box.sk
O1 - Hosts: nocreditcard.com
O1 - Hosts: www.nocreditcard.com
O1 - Hosts: movies-etc.com
O1 - Hosts: www.movies-etc.com
O1 - Hosts: 22469.com
O1 - Hosts: alehina.com
O1 - Hosts: allowednet.com
O1 - Hosts: amateurnudephoto.com
O1 - Hosts: amateursgonebad.com
O1 - Hosts: badbimbo.com
O1 - Hosts: beautifulbondage.com
O1 - Hosts: big-xxx-movies.com
O1 - Hosts: bizshura.com
O1 - Hosts: boyanxxx.com
O1 - Hosts: cleanadulthost.com
O1 - Hosts: cleanpornhost.com
O1 - Hosts: cyberxxxhost.com
O1 - Hosts: discretesex.com
O1 - Hosts: easythumbs.com
O1 - Hosts: exscapeporn.com
O1 - Hosts: free-freeporn.com
O1 - Hosts: freepornofreeporn.com
O1 - Hosts: glamourmodelsgonebad.com
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gdnwpst] C:\WINDOWS\System32\gdnwpst.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworl...ezmed/ezmed.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/i...etup1.0.0.5.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipview.com/...te22/fvlite.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....21/cpbrkpie.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind....03C00/setup.exe
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe :tazz: :)

Edited by Michaelsart, 22 August 2005 - 10:51 AM.

  • 0




    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello, and welcome to the GeekstoGo Forums. My name is Jfcap,and I will be helping you clean your system. I would like to start off by apologizing in the delay in our response time. We try not to let posts slip through the cracks, but things do happen due the the ammount of posts on our website, so again I apologize.

First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode:

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

If Cleanup! asks if you want to reboot, click NO

Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot into normal mode.

Then, please run this online virus scan:

*Save the results from ActiveScan!

Copy the results from ActiveScan and paste them here along with a new HiJackThis log and the report from Ewido.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you for responding. I've been working away from home for the last 2 days unexpectedly. I will try to come back early this afternoon to run everything you've requested. I'm having difficulty opening a browser however. It just took me over 10 minutes and a couple of reboots. Also I ran Clean This once before and it removed alot of things I didn't want removed and it meant spending a couple of dasys reregistering for things like newletters and such. Is there a way to avoid that?

I'm leaving right now and will do my best to get back so I 'll have most of the afternoon and evening to run these programs. Thanks again for responding. I was beginning to think I wouldn't hear from anybody.
  • 0



    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hi Michael,

Cleanup removed all your cookies and clears your cache. It also clears any stored passwords that you have. You you will need to relog into every site once to save the passwords again. It should not unregister you from any newsletters.

You do not have to run it if you do not wish to, we do this to make sure there are no infected cookies and files in your cache.

Take your time running the scans. We are in no rush. :tazz:
  • 0



    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP