Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Help...Another victim of winfixer2005

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Location
    Orange County, CA
    Posts
    20

    Exclamation Help...Another victim of winfixer2005

    I will appreciate very much any tricks you can show this "old dog". I am definitely motivated to learn; out of shear frustration; believe me! Here is the log file from HijackThis...
    OK... never mind that. I can't copy & paste my log file (with a .txt file extension). It looks like you guys have to give me the "browse" button permission before I can make any attachments.
    I will forward my log file to my work e-mail address so that I can continue working with you guys tomorrow. Simply reply to my query through this forum; due to the fact I cannot read my "home" e-mail from my computer at work.
    Thanks SpyBot folks, you are awsome !!

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,693

    Default

    Quote Originally Posted by Jeemy-Boy
    I can't copy & paste my log file (with a .txt file extension). <snip>
    Thanks SpyBot folks, you are awsome !!
    Hi there and thank you.

    Have you tried this:
    • Double click HijackThis.exe.
    • Hit None Of The Above, just start the program.
    • Hit Scan.
    • When the scan is finished, the "Scan" button will change into a "Save Log" button.
    • Click that, save the log somewhere, and copy/paste the HJT log.

    Before you post a log
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Dec 2005
    Location
    Orange County, CA
    Posts
    20

    Default Attn: Tashi... getting you my log file is the ?

    Hi Tashi: I didn't have any problem running & creating my HighJackThis log. My problem is this... according to the "Attachment" instructions SpyBot provides; it says to select "Browse" at the bottom of the window one is in when creating a "thread" to post. But there is no "Browse" button anywhere to be found. So... how do I give you my log file?
    Any chance you can reply to this msg. before I leave work at 2:45-pm PST?
    Thanks again... Jim

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    You could post it into a reply, if the log is to large post half in one reply half in another

  5. #5
    Junior Member
    Join Date
    Dec 2005
    Location
    Orange County, CA
    Posts
    20

    Smile HJT log file follows...

    Wow !! This time it worked. I clicked on "Manage Attachments" and another window opened. Great ! Here you go...
    Looking forward to reading your words of wisdom.
    Thanks again !!

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Go start run and type in
    sc delete TBPSSvc
    press ok or enter

    Download smitRem.exe and save the file to your
    desktop. (By noahdfear.)
    Double click on the file to extract it to it's own folder on the desktop.

    Please download the trial version of Ewido Security Suite here:
    install then from within the program check for updates BUT dont scan yet
    ewido security suite: http://www.ewido.net/en/download/
    When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
    We will fix this in a moment.
    From the main ewido screen, click on update in the left menu, then click the Start update button.
    After the update finishes (the status bar at the bottom will display "Update successful"), Now close the program.
    Do NOT run a scan yet.

    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for
    updates: Ad-Aware SE Setup
    Don't run it yet!

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.
    Start Hijackthis and place a check next to these items If there.
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [FNI.WFX5AS_0001_0818] "C:\DOCUME~1\JDix\LOCALS~1\Temp\WFX1.exe"
    O4 - HKLM\..\Run: [WinFixer helper] C:\Program Files\WinFixer\wfxcwr.exe
    O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\TheApp.exe"
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKCU\..\Run: [Sguj] C:\WINDOWS\system32\l?gonui.exe
    O4 - HKCU\..\Run: [WinFixer] C:\Program Files\WinFixer\WFX5.exe /min
    O4 - HKCU\..\Run: [Lndt] "C:\Program Files\bcas\teas.exe" -vt mt
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe

    ====================================
    Hit fix checked and close Hijackthis.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on
    screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your
    operating system is installed. Please post that log along with all others requested in your next reply.

    Open Spybot check for and fix any problems found.
    Open Ad-aware and do a full scan. Remove all it finds.

    Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Restart back to a normal windows session
    Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if
    present.

    Get this free onlines scan and post the results
    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    when finished click save as text and post that in your reply.

    Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add
    Reply.
    Let us know if any problems persist

  7. #7
    Junior Member
    Join Date
    Dec 2005
    Location
    Orange County, CA
    Posts
    20

    Default Lots to do...

    Lonny, thank you for your quick response. Now I can "tackle this monster" later today when I get home from work. I have a lot to do... download AdAware etc. I'll post back to the forum the results, per your instructions.
    Man I'm psyched ! :dancing-c

  8. #8
    Junior Member
    Join Date
    Dec 2005
    Location
    Orange County, CA
    Posts
    20

    Default Ad-Aware problem...

    Hello again: After running Spybot & fixing the problems, I tried to open Ad-aware to do a full scan (per your instructions). However it went "out to lunch" on me. It was trying to connect to the Ad-Aware server to look for updates. I left the computer on for 6-hours & nothing happened. I had to do an "end-task" on it before shutting down the PC.
    Should I skip this step (running Ad-Aware) & go on to run Ewido?

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Yes skip that step

    Remind us/me later about that ad-aware problem if it still happens later when all cleaned up.

  10. #10
    Junior Member
    Join Date
    Dec 2005
    Location
    Orange County, CA
    Posts
    20

    Default Latest results...

    As you requested here are the various scan results. Also, to remind you, I tried running Ad-Aware afterwards, and once again it "went out to lunch" looking for updates. According to the Task Manager Ad-Aware was "not responding". I ended the task and continued to this reply.
    Oh great! The "Manage Attachments" isn't working. This happened before. I think it only occurs when I'm using my home PC. When I'm at work the "Manage Attachments" button works fine. I will forward my scan result files to my work computer & get back to you.
    Thanks again for all your help...
    Jim

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •