Help...Another victim of winfixer2005

Jeemy-Boy

New member
I will appreciate very much any tricks you can show this "old dog". I am definitely motivated to learn; out of sheer frustration; believe me! Here is the log file from HijackThis...
OK... never mind that. I can't copy & paste my log file (with a .txt file extension). It looks like you guys have to give me the "browse" button permission before I can make any attachments.
I will forward my log file to my work e-mail address so that I can continue working with you guys tomorrow. Simply reply to my query through this forum; due to the fact I cannot read my "home" e-mail from my computer at work.
Thanks SpyBot folks, you are awesome !!
 
Jeemy-Boy said:
I can't copy & paste my log file (with a .txt file extension). <snip>
Thanks SpyBot folks, you are awesome !!

Hi there and thank you. :)

Have you tried this:
  • Double click HijackThis.exe.
  • Hit None Of The Above, just start the program.
  • Hit Scan.
  • When the scan is finished, the "Scan" button will change into a "Save Log" button.
  • Click that, save the log somewhere, and copy/paste the HJT log.
Before you post a log
 
Attn: Tashi... getting you my log file is the ?

Hi Tashi: I didn't have any problem running & creating my HijackThis log. My problem is this... according to the "Attachment" instructions SpyBot provides; it says to select "Browse" at the bottom of the window one is in when creating a "thread" to post. But there is no "Browse" button anywhere to be found. So... how do I give you my log file?
Any chance you can reply to this msg. before I leave work at 2:45-pm PST?
Thanks again... Jim
 
HJT log file follows...

Wow !! This time it worked. I clicked on "Manage Attachments" and another window opened. Great ! Here you go...
Looking forward to reading your words of wisdom.
Thanks again !!
 
Go to Start > Run and type in
sc delete TBPSSvc
press ok or enter

Download smitRem.exe and save the file to your
desktop. (By noahdfear.)
Double click on the file to extract it to its own folder on the desktop.

Please download the trial version of Ewido Security Suite here:
Install it, then from within the program check for updates, BUT don't scan yet.
ewido security suite: http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), close the program.
Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup
Don't run it yet!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Start Hijackthis and place a check next to these items if there.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [FNI.WFX5AS_0001_0818] "C:\DOCUME~1\JDix\LOCALS~1\Temp\WFX1.exe"
O4 - HKLM\..\Run: [WinFixer helper] C:\Program Files\WinFixer\wfxcwr.exe
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\TheApp.exe"
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [Sguj] C:\WINDOWS\system32\l?gonui.exe
O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer\WFX5.exe /min
O4 - HKCU\..\Run: [Lndt] "C:\Program Files\bcas\teas.exe" -vt mt
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe

====================================
Hit fix checked and close Hijackthis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Spybot, check for and fix any problems found.
Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Restart back to a normal windows session
Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Get this free online scan and post the results
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.

Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist
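
An added example, not part of the original thread or any poster's own code: a short Python parser for HijackThis entries like the ones in the fix list above. It groups the section codes by the folder of the binary each entry references and reports paths containing "?". The function names are this example's own, and the section descriptions are the usual HijackThis meanings rather than text from the post.

```python
import re
from collections import defaultdict

# Section codes used in the fix list above and what each one covers.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O15": "Trusted Zone site or IP range",
    "O18": "extra protocol handler", "O23": "NT service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Drive-letter path ending in .exe or .dll (also matches inside res://...).
BINARY = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Sample input: seven of the entries from the post above, copied as-is.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [Sguj] C:\WINDOWS\system32\l?gonui.exe
O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer\WFX5.exe /min
O15 - Trusted Zone: *.05p.com (HKLM)
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe
"""

def parse(log):
    """Return one dict per log entry: section code, meaning, binary path."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or text that is not a log entry
        code, body = m.groups()
        hit = BINARY.search(body)
        entries.append({"code": code, "kind": SECTIONS.get(code, "unknown"),
                        "path": hit.group(0) if hit else None})
    return entries

def by_folder(entries):
    """Group section codes by the folder holding the referenced binary."""
    groups = defaultdict(list)
    for e in entries:
        if e["path"]:
            groups[e["path"].rsplit("\\", 1)[0].upper()].append(e["code"])
    return dict(groups)

# '?' is illegal in Windows file names, so a logged path containing it holds
# a character the log could not render (a lookalike of a system file name).
def unprintable_names(entries):
    return [e["path"] for e in entries if e["path"] and "?" in e["path"]]
```

Grouping by folder shows how many registry hooks lead back to the same install directory, which is why the folders are deleted after the entries are fixed.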
 
Lots to do...

Lonny, thank you for your quick response. Now I can "tackle this monster" later today when I get home from work. I have a lot to do... download AdAware etc. I'll post back to the forum the results, per your instructions.
Man I'm psyched ! :dancing-c
 
Ad-Aware problem...

Hello again: After running Spybot & fixing the problems, I tried to open Ad-aware to do a full scan (per your instructions). However it went "out to lunch" on me. It was trying to connect to the Ad-Aware server to look for updates. I left the computer on for 6-hours & nothing happened. I had to do an "end-task" on it before shutting down the PC.
Should I skip this step (running Ad-Aware) & go on to run Ewido?
 
Yes skip that step

Remind us/me later about that ad-aware problem if it still happens later when all cleaned up.
 
Latest results...

As you requested here are the various scan results. Also, to remind you, I tried running Ad-Aware afterwards, and once again it "went out to lunch" looking for updates. According to the Task Manager Ad-Aware was "not responding". I ended the task and continued to this reply.
Oh great! The "Manage Attachments" isn't working. This happened before. I think it only occurs when I'm using my home PC. When I'm at work the "Manage Attachments" button works fine. I will forward my scan result files to my work computer & get back to you.
Thanks again for all your help...
Jim
 
Latest scan results...

Spybot pros: The scan results from Ewido is an empty file. Not sure what happened with that. However, I can say that it appears most of my problems are gone. Thank you all so very, very, much! One thing to note is... the "free" Kaspersky scan wasn't available. I had to download a 30-day free trial in order to run it. My free trial expires at the end of Jan. 2006. In the mean time I will use Kaspersky until I figure out how to get "Active X" controls working. I need them (Active-X) to get the Norton Anti-Virus "Automated Assistant" to function; then I can hopefully debug the problem I am having with their software. I noticed someone posted a problem regarding Norton software that sounds similar to mine; so I will stay abreast of that situation; I may find some answers there. I've also been following the posts regarding Active-X controls.
You "Spybot guys" are awesome! As soon as I recover from the recent holiday "pocket-book" depletion (maybe in a couple weeks) I want you all to know I'll be making a donation ($$) to your work. You're "worth every penny" as the old saying goes. Thank you all again very much!
Respectfully, Jim
 
Yahoo's is a separate browser that uses Internet Explorer, perhaps adjusting it and IE's security will help
Re-Adjust your security settings & ActiveX:
Go to Internet Options/Security/Internet(green&blue globe), press 'default level', then OK.
If it's not available, click the custom level button and change something, OK, then apply; now use the default button.
Then press Custom Level.
In the ActiveX section,
1st: prompt or enable
2nd: disable
3rd: disable
4th: Prompt or enable
5th: prompt or enable
"Installation of Desktop items" = Prompt
Launching programs and files in an IFRAME = Prompt
click apply > OK
Highlight the restricted zone,click custom level
and disable everything that can be, click OK
then click the advanced tab and
Uncheck: Install on demand (other), click Apply then Ok
http://www.mvps.org/winhelp2002/restricted.htm#Why


Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar.(even Folders)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKCU\..\Run: [Sguj] C:\WINDOWS\system32\l?gonui.exe
O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer\WFX5.exe /min
O4 - HKCU\..\Run: [Lndt] "C:\Program Files\bcas\teas.exe" -vt mt
===================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In Control Panel > Add/Remove Programs, uninstall SpyBlocs (if there)

Set Windows to show hidden extensions, files and folders.
Click for instructions.

delete these folders if present
C:\Program Files\SpyBlocs
C:\Program Files\WinFixer
C:\Program Files\bcas

Post a new log and let us know of any problems
 
Latest Scan / Log files...

:D Good morning all! I followed your latest instructions (Lonny) last night. I will see if I can get my Norton Anti Virus software working properly this evening. Hopefully the "Active-X" problems are resolved now & I can run Norton's "Automated Assistant". Man! That Kaspersky software is really good. It scrutinizes everything! While performing one of the scans (either Ad-Aware or Ewido); Kaspersky kept popping-up with msgs. several times informing me of Trojan attacks; recommending that I delete them; of course I did. I'm beginning to wonder if I should consider purchasing their product after my 30-day free trial ends; and dump my Norton software. If you have any comment or recommendations I will update my profile so that you can send me an e-mail to my home PC.
Oh yeah, I almost forgot. The Kaspersky scan result simply says no viruses found. No log file to save.
Thanks again to all for your time & expertise!
 
Hi

I don't see anything in that ewido log, were there any errors?

The hijackthis log looks great

To prevent conflicts, do not have more than one antivirus installed at a time
Yes, I recommend Kaspersky over Norton any day :)

Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly
How did that go ?
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
 
Attachment problem... but I'm OK now!

Lonny: One of the problems I've been having is this... from my home PC, when I am posting a reply, I click on "Manage Attachments"; but nothing happens. Therefore I have to e-mail my (in this case, Ewido) scan results .txt file to where I work. For some strange reason the "Manage Attachments" button works when I'm using this computer. However... I just realized another problem. The Ewido scan file had info. in it when I sent it from my home PC; but when I open the e-mail at work; the Ewido file is empty. I think maybe the company I work for has some kind of anti-virus software running and it is deleting the contents of my file. It's amazing that I didn't lose the contents of my HJT file when I went through this same process in order to get you guys my scan results. But, anyways, I think I'm good to go now! My computer seems to be working fine.
This should be my last post (wishful thinking).
Thanks again to all of you SpyBot "brainiacs" (I mean that in a complimentary way); for all your wise instructions / suggestions.:bigthumb:
Happy New Year to all !!
p/s I won't forget about my donation promise (give me a week or two):)
 
Hi

You could have copied then pasted them here rather than attach.
Maybe Re-Adjusting your security settings & ActiveX will help, did you do that ?
 
Copy & paste test...

Lonny: Yeah, I did reset my active-x IE control settings per instructions.
As for the copy & paste, it doesn't work. I just (right-mouse button) copied the file from my folder on C: drive & came here to this "post reply" window & went to (right-mouse button) paste... but the "paste" function is "greyed out". In fact all (cut, copy & paste) functions are greyed-out (unselectable).
If I could only get my "Manage Attachments" button to work at home as it does here at work... that would just about wrap-up all my problems.
Later man... Jim :confused:
 
Lonny: Duh... why didn't I think of that :o (don't answer that)... it worked!
Here is my Ewido scan result from the other day... :D

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:34:07 PM, 12/27/2005
+ Report-Checksum: BCAB4F70

+ Scan result:

C:\Documents and Settings\Gnat.DIX-HOME-PC\Local Settings\Temporary Internet Files\Content.IE5\85ABCDAF\WinTS[1].cab/WToolsS.exe -> Downloader.Wintool.b : Cleaned with backup
C:\Documents and Settings\Gnat.DIX-HOME-PC\Local Settings\Temporary Internet Files\Content.IE5\ET0F2981\hotfix[1].cab/hotfix.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Gnat.DIX-HOME-PC\Local Settings\Temporary Internet Files\Content.IE5\ET0F2981\newmajorse2[1].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\WINDOWS\Temp\~323065.tmp -> Spyware.Wintools : Error during cleaning
C:\WINDOWS\Temp\~770932.tmp -> Spyware.Wintools : Error during cleaning
C:\WINDOWS\Temp\~891705.tmp -> Spyware.Wintools : Error during cleaning


::Report End
 
Hi
Those are probably inactive files, but let's get them
Use a program such as System Security Suite to clear temps, do so about once or twice a month
http://www.igorshpak.net/
If that site is unavailable use this link please
http://forums.subratam.org/index.php?act=Attach&type=post&id=25013
Extract it from the zip file and run setup.exe
after the install you can delete setup.exe and the downloaded zip file
Start the program. Check all the boxes under the 'Items to Clear' (except perhaps cookies) tab and click 'Clear Selected Items'. You will be prompted to reboot, do so.

Run ewido again and post a current log if there are any "Error during cleaning" messages
Happy new years
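
An added example, not part of the original thread or any poster's own code: a Python parser for the ewido report format posted above that picks out the results still needing attention after a re-scan. The function names are this example's own, and treating any action that does not start with "Cleaned" as unresolved is an assumption based on the two action strings visible in the report.

```python
import re

# Sample input: header and three result lines copied from the report above.
REPORT = r"""
+ Created on: 9:34:07 PM, 12/27/2005
+ Report-Checksum: BCAB4F70

+ Scan result:

C:\Documents and Settings\Gnat.DIX-HOME-PC\Local Settings\Temporary Internet Files\Content.IE5\85ABCDAF\WinTS[1].cab/WToolsS.exe -> Downloader.Wintool.b : Cleaned with backup
C:\WINDOWS\Temp\~323065.tmp -> Spyware.Wintools : Error during cleaning
C:\WINDOWS\Temp\~770932.tmp -> Spyware.Wintools : Error during cleaning

::Report End
"""

# Result lines read "<object> -> <detection> : <action>". The object holds a
# ':' of its own (drive letter), so match on the spaced separators.
RESULT = re.compile(r"^(?P<obj>.+?) -> (?P<name>\S+) : (?P<action>.+)$")

def parse_report(text):
    """Return one dict per result line; header and footer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue
        # A '/' after the Windows path marks a member inside an archive.
        container, _, member = m["obj"].partition("/")
        rows.append({"file": container, "member": member or None,
                     "detection": m["name"], "action": m["action"]})
    return rows

def unresolved(rows):
    """Rows whose action is anything other than a successful clean."""
    return [r for r in rows if not r["action"].startswith("Cleaned")]

def in_temp_dir(row):
    """True when the file sits in a folder literally named Temp."""
    return "\\temp\\" in row["file"].lower()

if __name__ == "__main__":
    for row in unresolved(parse_report(REPORT)):
        print(row["file"], "|", row["detection"], "|", row["action"])
```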
 