Archived from groups: microsoft.public.windowsxp.general
Ignore the post by PA Bear; it is of no help at all. You will waste your time
clicking on all those links; not one will tell you how to remove Winfixer.
He is a troll MVP who is hell-bent on trying to discredit me and confuse
you.
--
The best live web video on the internet
http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at
http://www.seedsv.com/products.htm
Sharpvision simply the best
http://www.seedsv.com
"manuel" <manuel@discussions.microsoft.com> wrote in message
news:F5D15A7E-D845-4FCD-8306-D5177FD4D930@microsoft.com...
> I've been having problems with the winfixer popup too and also with other
> popups, dating sites, travel, search engines. I've downloaded all of the
> programs you have listed below and am still having the same problems. I will
> paste my HijackThis log file and I would really appreciate any help.
>
> Logfile of HijackThis v1.99.1
> Scan saved at 12:26:57 PM, on 9/14/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
> C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
> C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Yahoo!\Antivirus\ISafe.exe
> C:\Program Files\ewido\security suite\ewidoctrl.exe
> C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
> C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
> C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
> C:\Program Files\Dell\Media Experience\PCMService.exe
> C:\Program Files\Dell\QuickSet\quickset.exe
> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
> C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
> C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
> C:\PROGRA~1\Yahoo!\YOP\yop.exe
> C:\Program Files\Dell Support\DSAgnt.exe
> C:\Program Files\Digital Line Detect\DLG.exe
> C:\PROGRA~1\Yahoo!\browser\ycommon.exe
> C:\Downloads\hijackthis\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
> O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Cursors\expsrv.dll
> O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
> O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
> O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
> O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
> O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
> O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
> O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
> O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
> O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
> O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
> O4 - Global Startup: Digital Line Detect.lnk = ?
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
> O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
> O20 - Winlogon Notify: expsrv - C:\WINDOWS\Cursors\expsrv.dll
> O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
> O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
> O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
> O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
> O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
> O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
> O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
> O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
> O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
> O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
>
>
>
> "pcbutts1" wrote:
>
>> Download, install, update and run all of the following.
>>
>> Ad-Aware
>> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>>
>> Spybot search and destroy
>> http://www.pcbutts1.com/downloads/spybotsd14.exe
>>
>> Ewido Security Suite Trial version
>> http://www.pcbutts1.com/downloads/ewidosetup.exe
>>
>> Microsoft Windows AntiSpyware (Beta1)
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
>>
>> If none of the above fixes the issue then download Hijack this, run it, save
>> a copy of the log file and cut and paste it back here to this group so that
>> I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
>> to see it not them.
>>
>> HijackThis
>> http://www.pcbutts1.com/downloads/HijackThis.zip
>>
>> "Tom C" <c_tom@nospam.net> wrote in message
>> news:eaX8xpbpFHA.3380@TK2MSFTNGP12.phx.gbl...
>> >I looked in Add/Remove and did not see WinFixer2005. I tried to restore to
>> >an earlier date and it wouldn't restore to an earlier date.
>> > I still have the WinFixer2005 Installer in my lower right corner. It says
>> > it hasn't downloaded anything but I can't get it to go away. The elapsed
>> > timer is counting off minutes but it says it hasn't downloaded anything.
>> > Is WinFixer2005 the same as "Backdoor.Darkroom"? Any more ideas on what I
>> > can do? I thank you for your help....tcoop
>> >
>> >
>> > "Rick "Nutcase" Rogers" <rick@mvps.org> wrote in message
>> > news:utxJBHbpFHA.1372@TK2MSFTNGP10.phx.gbl...
>> >> !Danger Will Robinson!
>> >>
>> >> Winfixer 2005 is a parasitic program, do not allow it to install. If it
>> >> has, use Add & Remove to get rid of it. If any signs still exist, run
>> >> System Restore to a prior date.
>> >>
>> >> --
>> >> Best of Luck,
>> >>
>> >> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> >> http://mvp.support.microsoft.com/
>> >> Associate Expert - WindowsXP Expert Zone
>> >> www.microsoft.com/windowsxp/expertzone
>> >> Windows help - www.rickrogers.org
>> >>
>> >> "Tom C" <c_tom@nospam.net> wrote in message
>> >> news:uqLBsDbpFHA.4088@TK2MSFTNGP15.phx.gbl...
>> >>>I just had a popup, and it seemed to want to take over my browser. It wanted
>> >>> to start downloading a file but my Norton stopped it. It is called winfixer
>> >>> 2005. It put a downloading process icon in my system tray that says
>> >>> "WinFixer 2005 Installer" but it isn't
>> >>> downloading anything (that I can tell).
>> >>>
>> >>> What is this and where did it come from? How do I get rid of it?...thanks
>> >>> for the help...tcoop
>> >>>
>> >>
>> >>
>> >
>> >
>>
>>
>>