Sign in with
Sign up | Sign in
Your question

WinFixer 2005

Last response: in Windows XP
Share
Anonymous
August 20, 2005 5:59:36 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I just had a popup, and it seemed to want to take over my browser. It
wanted
to start downloading a file but my Norton stopped it. It is called winfixer
2005. It put an downloading process icon in my system tray that says
"WinFixer 2005 Installer" but it isnt
downloading anything,(that i can tell)

What is this and where did it come from? How do i get rid of it?...thanks
for the help...tcoop

More about : winfixer 2005

Anonymous
August 20, 2005 6:05:27 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

!Danger Will Robinson!

Winfixer 2005 is a parasitic program, do not allow it to install. If it has,
use Add & Remove to get rid of it. If any signs still exist, run System
Restore to a prior date.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Tom C" <c_tom@nospam.net> wrote in message
news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
>I just had a popup, and it seemed to want to take over my browser. It
>wanted
> to start downloading a file but my Norton stopped it. It is called
> winfixer
> 2005. It put an downloading process icon in my system tray that says
> "WinFixer 2005 Installer" but it isnt
> downloading anything,(that i can tell)
>
> What is this and where did it come from? How do i get rid of it?...thanks
> for the help...tcoop
>
Anonymous
August 20, 2005 6:05:28 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Thank you for alerting us.

I got the same and have ingored it all the time. I have also got other such
pages that keep popping up. What can I do to stop them? And is there any
legitmate software that cleans up my registry.

Thanks.

"Rick "Nutcase" Rogers" wrote:

> !Danger Will Robinson!
>
> Winfixer 2005 is a parasitic program, do not allow it to install. If it has,
> use Add & Remove to get rid of it. If any signs still exist, run System
> Restore to a prior date.
>
> --
> Best of Luck,
>
> Rick Rogers, aka "Nutcase" - Microsoft MVP
> http://mvp.support.microsoft.com/
> Associate Expert - WindowsXP Expert Zone
> www.microsoft.com/windowsxp/expertzone
> Windows help - www.rickrogers.org
>
> "Tom C" <c_tom@nospam.net> wrote in message
> news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
> >I just had a popup, and it seemed to want to take over my browser. It
> >wanted
> > to start downloading a file but my Norton stopped it. It is called
> > winfixer
> > 2005. It put an downloading process icon in my system tray that says
> > "WinFixer 2005 Installer" but it isnt
> > downloading anything,(that i can tell)
> >
> > What is this and where did it come from? How do i get rid of it?...thanks
> > for the help...tcoop
> >
>
>
>
Related resources
Can't find your answer ? Ask !
Anonymous
August 20, 2005 7:07:44 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I looked in Add/Remove and did not see WinFixer2005. I tried to restore to
an earler date an it wouldn't restore to an earlier date.
I still have the WinFixer2005 Installer in my lower right corner. It says it
hasnt downloaded anything but i cant get it to go away. The elapsed timer is
counting off minutes but it says it hasn't downloaded anything.
Is WinFixer2005 the same has "Backdoor.Darkroom? Any more ideas on what i
can do? I thank you for your help....tcoop


"Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
news:utxJBHbpFHA.1372@TK2MSFTNGP10.phx.gbl...
> !Danger Will Robinson!
>
> Winfixer 2005 is a parasitic program, do not allow it to install. If it
> has, use Add & Remove to get rid of it. If any signs still exist, run
> System Restore to a prior date.
>
> --
> Best of Luck,
>
> Rick Rogers, aka "Nutcase" - Microsoft MVP
> http://mvp.support.microsoft.com/
> Associate Expert - WindowsXP Expert Zone
> www.microsoft.com/windowsxp/expertzone
> Windows help - www.rickrogers.org
>
> "Tom C" <c_tom@nospam.net> wrote in message
> news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
>>I just had a popup, and it seemed to want to take over my browser. It
>>wanted
>> to start downloading a file but my Norton stopped it. It is called
>> winfixer
>> 2005. It put an downloading process icon in my system tray that says
>> "WinFixer 2005 Installer" but it isnt
>> downloading anything,(that i can tell)
>>
>> What is this and where did it come from? How do i get rid of it?...thanks
>> for the help...tcoop
>>
>
>
August 20, 2005 9:07:15 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Tom C wrote:

> I looked in Add/Remove and did not see WinFixer2005. I tried to restore to
> an earler date an it wouldn't restore to an earlier date.
> I still have the WinFixer2005 Installer in my lower right corner. It says it
> hasnt downloaded anything but i cant get it to go away. The elapsed timer is
> counting off minutes but it says it hasn't downloaded anything.
> Is WinFixer2005 the same has "Backdoor.Darkroom? Any more ideas on what i
> can do? I thank you for your help....tcoop
>
>
> "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
> news:utxJBHbpFHA.1372@TK2MSFTNGP10.phx.gbl...
>
>>!Danger Will Robinson!
>>
>>Winfixer 2005 is a parasitic program, do not allow it to install. If it
>>has, use Add & Remove to get rid of it. If any signs still exist, run
>>System Restore to a prior date.
>>
>>--
>>Best of Luck,
>>
>>Rick Rogers, aka "Nutcase" - Microsoft MVP
>>http://mvp.support.microsoft.com/
>>Associate Expert - WindowsXP Expert Zone
>>www.microsoft.com/windowsxp/expertzone
>>Windows help - www.rickrogers.org
>>
>>"Tom C" <c_tom@nospam.net> wrote in message
>>news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
>>
>>>I just had a popup, and it seemed to want to take over my browser. It
>>>wanted
>>>to start downloading a file but my Norton stopped it. It is called
>>>winfixer
>>>2005. It put an downloading process icon in my system tray that says
>>>"WinFixer 2005 Installer" but it isnt
>>>downloading anything,(that i can tell)
>>>
>>>What is this and where did it come from? How do i get rid of it?...thanks
>>>for the help...tcoop

Please don't post Hijackthis logs to this forum. There are specialty
forums for it where the experts will look at it. Ignore pcbutts1.

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

--
Rock
MS MVP Windows - Shell/User
Anonymous
August 21, 2005 1:29:11 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/details.aspx?FamilyI...

If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
to see it not them.


HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Tom C" <c_tom@nospam.net> wrote in message
news:eaX8xpbpFHA.3380@TK2MSFTNGP12.phx.gbl...
>I looked in Add/Remove and did not see WinFixer2005. I tried to restore to
>an earler date an it wouldn't restore to an earlier date.
> I still have the WinFixer2005 Installer in my lower right corner. It says
> it hasnt downloaded anything but i cant get it to go away. The elapsed
> timer is counting off minutes but it says it hasn't downloaded anything.
> Is WinFixer2005 the same has "Backdoor.Darkroom? Any more ideas on what i
> can do? I thank you for your help....tcoop
>
>
> "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
> news:utxJBHbpFHA.1372@TK2MSFTNGP10.phx.gbl...
>> !Danger Will Robinson!
>>
>> Winfixer 2005 is a parasitic program, do not allow it to install. If it
>> has, use Add & Remove to get rid of it. If any signs still exist, run
>> System Restore to a prior date.
>>
>> --
>> Best of Luck,
>>
>> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> http://mvp.support.microsoft.com/
>> Associate Expert - WindowsXP Expert Zone
>> www.microsoft.com/windowsxp/expertzone
>> Windows help - www.rickrogers.org
>>
>> "Tom C" <c_tom@nospam.net> wrote in message
>> news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
>>>I just had a popup, and it seemed to want to take over my browser. It
>>>wanted
>>> to start downloading a file but my Norton stopped it. It is called
>>> winfixer
>>> 2005. It put an downloading process icon in my system tray that says
>>> "WinFixer 2005 Installer" but it isnt
>>> downloading anything,(that i can tell)
>>>
>>> What is this and where did it come from? How do i get rid of
>>> it?...thanks
>>> for the help...tcoop
>>>
>>
>>
>
>
Anonymous
August 21, 2005 1:17:36 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi,

Adaware and Spybot can be used to clean up the damage.

AdawareII www.lavasoft.de
Spybot www.safer-networking.org

I do not recommend the use of any general purpose registry cleaner, as there
is no need to do this in WinXP. If you suspect registry damage due to a
malware infestation, use an appropriate, targeted solution or use the
procedure below to reinstate a registry backup.

How to Recover from a Corrupted Registry [Q307545]
http://support.microsoft.com/?kbid=307545

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"txz" <txz@discussions.microsoft.com> wrote in message
news:FEB861BF-B870-4F60-87F0-9ECE3C644E02@microsoft.com...
> Thank you for alerting us.
>
> I got the same and have ingored it all the time. I have also got other
> such
> pages that keep popping up. What can I do to stop them? And is there any
> legitmate software that cleans up my registry.
>
> Thanks.
>
> "Rick "Nutcase" Rogers" wrote:
>
>> !Danger Will Robinson!
>>
>> Winfixer 2005 is a parasitic program, do not allow it to install. If it
>> has,
>> use Add & Remove to get rid of it. If any signs still exist, run System
>> Restore to a prior date.
>>
>> --
>> Best of Luck,
>>
>> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> http://mvp.support.microsoft.com/
>> Associate Expert - WindowsXP Expert Zone
>> www.microsoft.com/windowsxp/expertzone
>> Windows help - www.rickrogers.org
>>
>> "Tom C" <c_tom@nospam.net> wrote in message
>> news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
>> >I just had a popup, and it seemed to want to take over my browser. It
>> >wanted
>> > to start downloading a file but my Norton stopped it. It is called
>> > winfixer
>> > 2005. It put an downloading process icon in my system tray that says
>> > "WinFixer 2005 Installer" but it isnt
>> > downloading anything,(that i can tell)
>> >
>> > What is this and where did it come from? How do i get rid of
>> > it?...thanks
>> > for the help...tcoop
>> >
>>
>>
>>
September 14, 2005 4:36:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I've been having problems with the winfixer popup too and also with other
popups, dating sites, travel, search engines. I've downloaded all of the
programs you have listed below and am still having the same problems. I will
paste my HijackThis log file and I would really appreciate any help.

Logfile of HijackThis v1.99.1
Scan saved at 12:26:57 PM, on 9/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
C:\WINDOWS\Cursors\expsrv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program
Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe"
/startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
- http://download.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
O20 - Winlogon Notify: IntelWireless - C:\Program
Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. -
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program
Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates
International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program
Files\Intel\Wireless\Bin\WLKeeper.exe



"pcbutts1" wrote:

> Download, install, update and run all of the following.
>
> Ad-Aware
> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>
> Spybot search and destroy
> http://www.pcbutts1.com/downloads/spybotsd14.exe
>
> Ewido Security Suite Trial version
> http://www.pcbutts1.com/downloads/ewidosetup.exe
>
> Microsoft Windows AntiSpyware (Beta1)
> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
> If none of the above fixes the issue then download Hijack this, run it, save
> a copy of the log file and cut and paste it back here to this group so that
> I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
> to see it not them.
>
>
> HijackThis
> http://www.pcbutts1.com/downloads/HijackThis.zip
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Tom C" <c_tom@nospam.net> wrote in message
> news:eaX8xpbpFHA.3380@TK2MSFTNGP12.phx.gbl...
> >I looked in Add/Remove and did not see WinFixer2005. I tried to restore to
> >an earler date an it wouldn't restore to an earlier date.
> > I still have the WinFixer2005 Installer in my lower right corner. It says
> > it hasnt downloaded anything but i cant get it to go away. The elapsed
> > timer is counting off minutes but it says it hasn't downloaded anything.
> > Is WinFixer2005 the same has "Backdoor.Darkroom? Any more ideas on what i
> > can do? I thank you for your help....tcoop
> >
> >
> > "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
> > news:utxJBHbpFHA.1372@TK2MSFTNGP10.phx.gbl...
> >> !Danger Will Robinson!
> >>
> >> Winfixer 2005 is a parasitic program, do not allow it to install. If it
> >> has, use Add & Remove to get rid of it. If any signs still exist, run
> >> System Restore to a prior date.
> >>
> >> --
> >> Best of Luck,
> >>
> >> Rick Rogers, aka "Nutcase" - Microsoft MVP
> >> http://mvp.support.microsoft.com/
> >> Associate Expert - WindowsXP Expert Zone
> >> www.microsoft.com/windowsxp/expertzone
> >> Windows help - www.rickrogers.org
> >>
> >> "Tom C" <c_tom@nospam.net> wrote in message
> >> news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
> >>>I just had a popup, and it seemed to want to take over my browser. It
> >>>wanted
> >>> to start downloading a file but my Norton stopped it. It is called
> >>> winfixer
> >>> 2005. It put an downloading process icon in my system tray that says
> >>> "WinFixer 2005 Installer" but it isnt
> >>> downloading anything,(that i can tell)
> >>>
> >>> What is this and where did it come from? How do i get rid of
> >>> it?...thanks
> >>> for the help...tcoop
> >>>
> >>
> >>
> >
> >
>
>
>
Anonymous
September 15, 2005 12:29:14 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Turn off System restore then have Hijackthis fix the following lines

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
C:\WINDOWS\Cursors\expsrv.dll

O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start

O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll




--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"manuel" <manuel@discussions.microsoft.com> wrote in message
news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
> I've been having problems with the winfixer popup too and also with other
> popups, dating sites, travel, search engines. I've downloaded all of the
> programs you have listed below and am still having the same problems. I
> will
> paste my HijackThis log file and I would really appreciate any help.
>
> Logfile of HijackThis v1.99.1
> Scan saved at 12:26:57 PM, on 9/14/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
Anonymous
September 15, 2005 12:29:15 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

And the files expsrv.dll, ISUSPM.EXE, ISSCH.EXE, expsrv.dll and their
containing folders, it's OK just to leave them be?

Manuel, WinFixer cannot be removed simply by having HT fix a few entries:
They'll return as soon as you reboot, possibly with different filenames.

Here's some truly helpful information:

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP


pcbutts1 wrote:
> Turn off System restore then have Hijackthis fix the following lines
>
> O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
> C:\WINDOWS\Cursors\expsrv.dll
>
> O4 - HKLM\..\Run: [ISUSPM Startup]
> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
>
> O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
> Files\InstallShield\UpdateService\issch.exe" -start
>
> O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
>
>
>
>
>
> "manuel" <manuel@discussions.microsoft.com> wrote in message
> news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
> > I've been having problems with the winfixer popup too and also with
> > other popups, dating sites, travel, search engines. I've downloaded
> > all of the programs you have listed below and am still having the same
> > problems. I will
> > paste my HijackThis log file and I would really appreciate any help.
> >
> > Logfile of HijackThis v1.99.1
> > Scan saved at 12:26:57 PM, on 9/14/2005
> > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Anonymous
September 15, 2005 2:51:21 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Get lost idiot.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"PA Bear" <PABearMVP@gmail.com> wrote in message
news:%23s8MG1XuFHA.3792@TK2MSFTNGP10.phx.gbl...
> And the files expsrv.dll, ISUSPM.EXE, ISSCH.EXE, expsrv.dll and their
> containing folders, it's OK just to leave them be?
>
> Manuel, WinFixer cannot be removed simply by having HT fix a few entries:
> They'll return as soon as you reboot, possibly with different filenames.
>
> Here's some truly helpful information:
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/archive/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
>
> When all else fails, HijackThis v1.99.1
> (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware.
> **Post your log to http://forums.spywareinfo.com/,
> http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
> for expert analysis, not here.**
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
>
>
> pcbutts1 wrote:
>> Turn off System restore then have Hijackthis fix the following lines
>>
>> O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
>> C:\WINDOWS\Cursors\expsrv.dll
>>
>> O4 - HKLM\..\Run: [ISUSPM Startup]
>> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
>>
>> O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
>> Files\InstallShield\UpdateService\issch.exe" -start
>>
>> O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
>>
>>
>>
>>
>>
>> "manuel" <manuel@discussions.microsoft.com> wrote in message
>> news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
>> > I've been having problems with the winfixer popup too and also with
>> > other popups, dating sites, travel, search engines. I've downloaded
>> > all of the programs you have listed below and am still having the same
>> > problems. I will
>> > paste my HijackThis log file and I would really appreciate any help.
>> >
>> > Logfile of HijackThis v1.99.1
>> > Scan saved at 12:26:57 PM, on 9/14/2005
>> > Platform: Windows XP SP2 (WinNT 5.01.2600)
>> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
Anonymous
September 15, 2005 2:51:22 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I can point you and everyone else here to forum threads where I've helped
users remove WinFixer. Can you?
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

pcbutts1 wrote:
> Get lost idiot.
>
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:%23s8MG1XuFHA.3792@TK2MSFTNGP10.phx.gbl...
> > And the files expsrv.dll, ISUSPM.EXE, ISSCH.EXE, expsrv.dll and their
> > containing folders, it's OK just to leave them be?
> >
> > Manuel, WinFixer cannot be removed simply by having HT fix a few
> > entries: They'll return as soon as you reboot, possibly with different
> > filenames. Here's some truly helpful information:
> >
> > Checking for/Help with Hijackware
> > http://aumha.org/a/parasite.htm
> > http://aumha.org/a/quickfix.htm
> > http://aumha.net/viewtopic.php?t=5878
> > http://mvps.org/winhelp2002/unwanted.htm
> > http://inetexplorer.mvps.org/data/prevention.htm
> > http://inetexplorer.mvps.org/archive/tshoot.html
> > http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > http://defendingyourmachine.blogspot.com/
> >
> > When all else fails, HijackThis v1.99.1
> > (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
> > use. It will help you to both identify and remove any
> > hijackware/spyware. **Post your log to http://forums.spywareinfo.com/,
> > http://castlecops.com/forum67.html or
> > http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
> >
> >
> > pcbutts1 wrote:
> > > Turn off System restore then have Hijackthis fix the following lines
> > >
> > > O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
> > > C:\WINDOWS\Cursors\expsrv.dll
> > >
> > > O4 - HKLM\..\Run: [ISUSPM Startup]
> > > C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
> > >
> > > O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
> > > Files\InstallShield\UpdateService\issch.exe" -start
> > >
> > > O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
> > >
> > >
> > >
> > >
> > >
> > > "manuel" <manuel@discussions.microsoft.com> wrote in message
> > > news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
> > > > I've been having problems with the winfixer popup too and also with
> > > > other popups, dating sites, travel, search engines. I've downloaded
> > > > all of the programs you have listed below and am still having the
> > > > same problems. I will
> > > > paste my HijackThis log file and I would really appreciate any help.
> > > >
> > > > Logfile of HijackThis v1.99.1
> > > > Scan saved at 12:26:57 PM, on 9/14/2005
> > > > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > > > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Anonymous
September 15, 2005 3:01:40 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Ignore the post by PA Bear it is of no help at all. You will waste your time
clicking on all those links, not one will tell you how to remove Winfixer.
He is a troll MVP who is hell bent on trying to discredit me and confuse
you.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"manuel" <manuel@discussions.microsoft.com> wrote in message
news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
> I've been having problems with the winfixer popup too and also with other
> popups, dating sites, travel, search engines. I've downloaded all of the
> programs you have listed below and am still having the same problems. I
> will
> paste my HijackThis log file and I would really appreciate any help.
>
> Logfile of HijackThis v1.99.1
> Scan saved at 12:26:57 PM, on 9/14/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
> C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Yahoo!\Antivirus\ISafe.exe
> C:\Program Files\ewido\security suite\ewidoctrl.exe
> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
> C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
> C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
> C:\Program Files\Dell\Media Experience\PCMService.exe
> C:\Program Files\Dell\QuickSet\quickset.exe
> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
> C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
> C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
> C:\PROGRA~1\Yahoo!\YOP\yop.exe
> C:\Program Files\Dell Support\DSAgnt.exe
> C:\Program Files\Digital Line Detect\DLG.exe
> C:\PROGRA~1\Yahoo!\browser\ycommon.exe
> C:\Downloads\hijackthis\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://www.dell4me.com/myway
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.yahoo.com/
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
> C:\WINDOWS\system32\dla\tfswshx.dll
> O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
> C:\WINDOWS\Cursors\expsrv.dll
> O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
> Files\Java\j2re1.4.2_03\bin\jusched.exe
> O4 - HKLM\..\Run: [IntelWireless] C:\Program
> Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
> O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
> Panel\atiptaxx.exe
> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
> Experience\PCMService.exe"
> O4 - HKLM\..\Run: [Dell QuickSet] C:\Program
> Files\Dell\QuickSet\quickset.exe
> O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
> Files\CyberLink\PowerDVD\DVDLauncher.exe"
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [ISUSPM Startup]
> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
> O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
> Files\InstallShield\UpdateService\issch.exe" -start
> O4 - HKLM\..\Run: [CaAvTray] "C:\Program
> Files\Yahoo!\Antivirus\CAVTray.exe"
> O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
> O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
> O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe"
> /startup
> O4 - Global Startup: Digital Line Detect.lnk = ?
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
> Advantage
> Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
> O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan
> Control)
> - http://download.ewido.net/ewidoOnlineScan.cab
> O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
> O20 - Winlogon Notify: IntelWireless - C:\Program
> Files\Intel\Wireless\Bin\LgNotify.dll
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
> C:\WINDOWS\system32\Ati2evxx.exe
> O23 - Service: CAISafe - Computer Associates International, Inc. -
> C:\Program Files\Yahoo!\Antivirus\ISafe.exe
> O23 - Service: EvtEng - Intel Corporation - C:\Program
> Files\Intel\Wireless\Bin\EvtEng.exe
> O23 - Service: ewido security suite control - ewido networks - C:\Program
> Files\ewido\security suite\ewidoctrl.exe
> O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
> C:\Program Files\iPod\bin\iPodService.exe
> O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program
> Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
> O23 - Service: RegSrvc - Intel Corporation - C:\Program
> Files\Intel\Wireless\Bin\RegSrvc.exe
> O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
> Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
> O23 - Service: VET Message Service (VETMSGNT) - Computer Associates
> International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
> O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program
> Files\Intel\Wireless\Bin\WLKeeper.exe
>
>
>
> "pcbutts1" wrote:
>
>> Download, install, update and run all of the following.
>>
>> Ad-Aware
>> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>>
>> Spybot search and destroy
>> http://www.pcbutts1.com/downloads/spybotsd14.exe
>>
>> Ewido Security Suite Trial version
>> http://www.pcbutts1.com/downloads/ewidosetup.exe
>>
>> Microsoft Windows AntiSpyware (Beta1)
>> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>>
>> If none of the above fixes the issue then download Hijack this, run it,
>> save
>> a copy of the log file and cut and paste it back here to this group so
>> that
>> I can analyze it. Ignore anyone who tells you to post it elsewhere. I
>> need
>> to see it not them.
>>
>>
>> HijackThis
>> http://www.pcbutts1.com/downloads/HijackThis.zip
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> "Tom C" <c_tom@nospam.net> wrote in message
>> news:eaX8xpbpFHA.3380@TK2MSFTNGP12.phx.gbl...
>> >I looked in Add/Remove and did not see WinFixer2005. I tried to restore
>> >to
>> >an earler date an it wouldn't restore to an earlier date.
>> > I still have the WinFixer2005 Installer in my lower right corner. It
>> > says
>> > it hasnt downloaded anything but i cant get it to go away. The elapsed
>> > timer is counting off minutes but it says it hasn't downloaded
>> > anything.
>> > Is WinFixer2005 the same has "Backdoor.Darkroom? Any more ideas on
>> > what i
>> > can do? I thank you for your help....tcoop
>> >
>> >
>> > "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
>> > news:utxJBHbpFHA.1372@TK2MSFTNGP10.phx.gbl...
>> >> !Danger Will Robinson!
>> >>
>> >> Winfixer 2005 is a parasitic program, do not allow it to install. If
>> >> it
>> >> has, use Add & Remove to get rid of it. If any signs still exist, run
>> >> System Restore to a prior date.
>> >>
>> >> --
>> >> Best of Luck,
>> >>
>> >> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> >> http://mvp.support.microsoft.com/
>> >> Associate Expert - WindowsXP Expert Zone
>> >> www.microsoft.com/windowsxp/expertzone
>> >> Windows help - www.rickrogers.org
>> >>
>> >> "Tom C" <c_tom@nospam.net> wrote in message
>> >> news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
>> >>>I just had a popup, and it seemed to want to take over my browser. It
>> >>>wanted
>> >>> to start downloading a file but my Norton stopped it. It is called
>> >>> winfixer
>> >>> 2005. It put an downloading process icon in my system tray that says
>> >>> "WinFixer 2005 Installer" but it isnt
>> >>> downloading anything,(that i can tell)
>> >>>
>> >>> What is this and where did it come from? How do i get rid of
>> >>> it?...thanks
>> >>> for the help...tcoop
>> >>>
>> >>
>> >>
>> >
>> >
>>
>>
>>
Anonymous
September 15, 2005 5:28:46 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hmm, no reply from mr. butts??

PA Bear wrote:
> I can point you and everyone else here to forum threads where I've helped
> users remove WinFixer. Can you?
>
> pcbutts1 wrote:
>> Get lost idiot.
>>
>>
>> "PA Bear" <PABearMVP@gmail.com> wrote in message
>> news:%23s8MG1XuFHA.3792@TK2MSFTNGP10.phx.gbl...
>>> And the files expsrv.dll, ISUSPM.EXE, ISSCH.EXE, expsrv.dll and their
>>> containing folders, it's OK just to leave them be?
>>>
>>> Manuel, WinFixer cannot be removed simply by having HT fix a few
>>> entries: They'll return as soon as you reboot, possibly with different
>>> filenames. Here's some truly helpful information:
>>>
>>> Checking for/Help with Hijackware
>>> http://aumha.org/a/parasite.htm
>>> http://aumha.org/a/quickfix.htm
>>> http://aumha.net/viewtopic.php?t=5878
>>> http://mvps.org/winhelp2002/unwanted.htm
>>> http://inetexplorer.mvps.org/data/prevention.htm
>>> http://inetexplorer.mvps.org/archive/tshoot.html
>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>> http://defendingyourmachine.blogspot.com/
>>>
>>> When all else fails, HijackThis v1.99.1
>>> (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
>>> use. It will help you to both identify and remove any
>>> hijackware/spyware. **Post your log to http://forums.spywareinfo.com/,
>>> http://castlecops.com/forum67.html or
>>> http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
>>> --
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
>>>
>>>
>>> pcbutts1 wrote:
>>>> Turn off System restore then have Hijackthis fix the following lines
>>>>
>>>> O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
>>>> C:\WINDOWS\Cursors\expsrv.dll
>>>>
>>>> O4 - HKLM\..\Run: [ISUSPM Startup]
>>>> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
>>>>
>>>> O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
>>>> Files\InstallShield\UpdateService\issch.exe" -start
>>>>
>>>> O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> "manuel" <manuel@discussions.microsoft.com> wrote in message
>>>> news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
>>>>> I've been having problems with the winfixer popup too and also with
>>>>> other popups, dating sites, travel, search engines. I've downloaded
>>>>> all of the programs you have listed below and am still having the
>>>>> same problems. I will
>>>>> paste my HijackThis log file and I would really appreciate any help.
>>>>>
>>>>> Logfile of HijackThis v1.99.1
>>>>> Scan saved at 12:26:57 PM, on 9/14/2005
>>>>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>>>>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Anonymous
September 15, 2005 3:47:31 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

<lol> You have to give him time to think up another lie <g>
Joan


PA Bear wrote:
> Hmm, no reply from mr. butts??
>
> PA Bear wrote:
>> I can point you and everyone else here to forum threads where I've
>> helped users remove WinFixer. Can you?
>>
>> pcbutts1 wrote:
>>> Get lost idiot.
>>>
Anonymous
September 15, 2005 11:09:21 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

If there's any justice in this world, his browser's been hijacked! <VBEG>

Joan Archer wrote:
> <lol> You have to give him time to think up another lie <g>
>
>> Hmm, no reply from mr. butts??
>>
>>> I can point you and everyone else here to forum threads where I've
>>> helped users remove WinFixer. Can you?
>>>
>>> pcbutts1 wrote:
>>>> Get lost idiot.
September 18, 2005 3:11:01 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I just wanted to thank everyone that helped. I haven't seen the winfixer
popup for a while or any other similar popups. It did take a lot of work
with me having to scan evertime I go online which always turns up at least
one item.
I think a part of the problem is that I have a dell and it came installed
with a My Way search program. Removing that helped but it takes some work
also. Here is a link from dell that tells you step by step how to remove it.
Thanks again.

http://forums.us.dell.com/supportforums/board/message?b...

Manuel



"PA Bear" wrote:

> I can point you and everyone else here to forum threads where I've helped
> users remove WinFixer. Can you?
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
>
> pcbutts1 wrote:
> > Get lost idiot.
> >
> >
> > "PA Bear" <PABearMVP@gmail.com> wrote in message
> > news:%23s8MG1XuFHA.3792@TK2MSFTNGP10.phx.gbl...
> > > And the files expsrv.dll, ISUSPM.EXE, ISSCH.EXE, expsrv.dll and their
> > > containing folders, it's OK just to leave them be?
> > >
> > > Manuel, WinFixer cannot be removed simply by having HT fix a few
> > > entries: They'll return as soon as you reboot, possibly with different
> > > filenames. Here's some truly helpful information:
> > >
> > > Checking for/Help with Hijackware
> > > http://aumha.org/a/parasite.htm
> > > http://aumha.org/a/quickfix.htm
> > > http://aumha.net/viewtopic.php?t=5878
> > > http://mvps.org/winhelp2002/unwanted.htm
> > > http://inetexplorer.mvps.org/data/prevention.htm
> > > http://inetexplorer.mvps.org/archive/tshoot.html
> > > http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > > http://defendingyourmachine.blogspot.com/
> > >
> > > When all else fails, HijackThis v1.99.1
> > > (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
> > > use. It will help you to both identify and remove any
> > > hijackware/spyware. **Post your log to http://forums.spywareinfo.com/,
> > > http://castlecops.com/forum67.html or
> > > http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
> > > --
> > > ~Robear Dyer (PA Bear)
> > > MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
> > >
> > >
> > > pcbutts1 wrote:
> > > > Turn off System restore then have Hijackthis fix the following lines
> > > >
> > > > O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
> > > > C:\WINDOWS\Cursors\expsrv.dll
> > > >
> > > > O4 - HKLM\..\Run: [ISUSPM Startup]
> > > > C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
> > > >
> > > > O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
> > > > Files\InstallShield\UpdateService\issch.exe" -start
> > > >
> > > > O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > "manuel" <manuel@discussions.microsoft.com> wrote in message
> > > > news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
> > > > > I've been having problems with the winfixer popup too and also with
> > > > > other popups, dating sites, travel, search engines. I've downloaded
> > > > > all of the programs you have listed below and am still having the
> > > > > same problems. I will
> > > > > paste my HijackThis log file and I would really appreciate any help.
> > > > >
> > > > > Logfile of HijackThis v1.99.1
> > > > > Scan saved at 12:26:57 PM, on 9/14/2005
> > > > > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > > > > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
>
Anonymous
September 29, 2005 7:26:30 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

You can call them here. this is winfixers parent winsoftware

here are winfixers phone numbers. the numbers are for billingnow.com.
they are all part of the same scam winsoftware which is winfixer. 800
755-5909. 202 904 2212 and 519 488 5191. they will ask you for name and
email DONT GIVE IT TO THEM


manuel wrote:
> I just wanted to thank everyone that helped. I haven't seen the winfixer
> popup for a while or any other similar popups. It did take a lot of work
> with me having to scan evertime I go online which always turns up at least
> one item.
> I think a part of the problem is that I have a dell and it came installed
> with a My Way search program. Removing that helped but it takes some work
> also. Here is a link from dell that tells you step by step how to remove it.
> Thanks again.
>
> http://forums.us.dell.com/supportforums/board/message?b...
>
> Manuel
>
>
>
> "PA Bear" wrote:
>
> > I can point you and everyone else here to forum threads where I've helped
> > users remove WinFixer. Can you?
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
> >
> > pcbutts1 wrote:
> > > Get lost idiot.
> > >
> > >
> > > "PA Bear" <PABearMVP@gmail.com> wrote in message
> > > news:%23s8MG1XuFHA.3792@TK2MSFTNGP10.phx.gbl...
> > > > And the files expsrv.dll, ISUSPM.EXE, ISSCH.EXE, expsrv.dll and their
> > > > containing folders, it's OK just to leave them be?
> > > >
> > > > Manuel, WinFixer cannot be removed simply by having HT fix a few
> > > > entries: They'll return as soon as you reboot, possibly with different
> > > > filenames. Here's some truly helpful information:
> > > >
> > > > Checking for/Help with Hijackware
> > > > http://aumha.org/a/parasite.htm
> > > > http://aumha.org/a/quickfix.htm
> > > > http://aumha.net/viewtopic.php?t=5878
> > > > http://mvps.org/winhelp2002/unwanted.htm
> > > > http://inetexplorer.mvps.org/data/prevention.htm
> > > > http://inetexplorer.mvps.org/archive/tshoot.html
> > > > http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > > > http://defendingyourmachine.blogspot.com/
> > > >
> > > > When all else fails, HijackThis v1.99.1
> > > > (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
> > > > use. It will help you to both identify and remove any
> > > > hijackware/spyware. **Post your log to http://forums.spywareinfo.com/,
> > > > http://castlecops.com/forum67.html or
> > > > http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
> > > > --
> > > > ~Robear Dyer (PA Bear)
> > > > MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
> > > >
> > > >
> > > > pcbutts1 wrote:
> > > > > Turn off System restore then have Hijackthis fix the following lines
> > > > >
> > > > > O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} -
> > > > > C:\WINDOWS\Cursors\expsrv.dll
> > > > >
> > > > > O4 - HKLM\..\Run: [ISUSPM Startup]
> > > > > C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
> > > > >
> > > > > O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
> > > > > Files\InstallShield\UpdateService\issch.exe" -start
> > > > >
> > > > > O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > "manuel" <manuel@discussions.microsoft.com> wrote in message
> > > > > news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
> > > > > > I've been having problems with the winfixer popup too and also with
> > > > > > other popups, dating sites, travel, search engines. I've downloaded
> > > > > > all of the programs you have listed below and am still having the
> > > > > > same problems. I will
> > > > > > paste my HijackThis log file and I would really appreciate any help.
> > > > > >
> > > > > > Logfile of HijackThis v1.99.1
> > > > > > Scan saved at 12:26:57 PM, on 9/14/2005
> > > > > > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > > > > > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
> >
> >
!