Spyware, Viruses, & Security forum

General discussion

PLEASE HELP! I have WinFixer without O2-BHO:MSEvents

by lincolnmike / December 15, 2005 3:05 AM PST

Okay, this is about the 10th forum that I have joined to help me with my problem with WinFixer. No one ever responds to my post for some reason. Anyway. I have WinFixer on my computer. It automatically starts when I turn on the computer, it uses about 100% of the CPU ALL the time, makes everything run slow and not respond. However, I do not get a lot of pop ups, but I do get a lot of "pop unders." I tried, like everyone probably initially does, to remove the program from the add/remove section. But, as everyone knows by now, that does not work, as it reinstalls itself. I know that you can use the FixVundo/Virtumundobegone, and I have tried that many times. The problem is (as you can see from the HJT file below) that it does not show the O2-BHO-MSEvents in the log. This makes it so Virtumundobegone simply does not find anything and closes. I have tried to manually remove the components as directed in other forums (including killing the process associated, unregistering the dlls, cleaning the directories, etc) that I located, the only problem is that, (and it may be because of my inexperience, as I am roughly moderate in terms of knowledge about these types of things) I could not find everything that was listed, so I simply cleaned everything that I found. So after 2 long hours of trying that method twice, I was in dismay once I rebooted, and there you go, the thing reinstalled itself once again.

I have read that if I do not have that particular item in the log file, that means I simply have the "program" or installer and that should be able to be easily deleted using add/remove. Of course that is not true. I have also heard others say that, if you do not have the O2-BHO:MSEvents, then it causes no adverse effects. I know that is a crock. I experience it EVERY DAY. So please, someone look at this HJT log file and tell me what I can do.

LOGFILE OF HIJACKTHIS V1.99.1
SCAN SAVED AT 1:01:07 PM, ON 12/15/2005
PLATFORM: WINDOWS XP SP1 (WINNT 5.01.2600)
MSIE: INTERNET EXPLORER V6.00 SP1 (6.00.2800.1106)

RUNNING PROCESSES:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\QCDRIVER3\LVCOMS.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM32\S3TRAY2.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCDETECT.EXE
C:\PROGRA~1\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRA~1\MYWEBS~1\BAR\A.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
C:\WINDOWS\SYSTEM32\SLSERV.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SLRUNDLL.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\URLMAP.EXE
C:\DOCUMENTS AND SETTINGS\MIKE AND MICHELLE\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 3 FOR HIJACKTHIS.ZIP\HIJACKTHIS.EXE

R1 - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN,DEFAULT_PAGE_URL = HTTP://WWW.EMACHINES.COM
R1 - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN,SEARCH BAR = HTTP://US.RD.YAHOO.COM/CUSTOMIZE/IE/DEFAULTS/SB/MSGR7/*HTTP://WWW.YAHOO.COM/EXT/SEARCH/SEARCH.HTML
R1 - HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL,(DEFAULT) = HTTP://US.RD.YAHOO.COM/CUSTOMIZE/IE/DEFAULTS/SU/MSGR7/*HTTP://WWW.YAHOO.COM
R3 - URLSEARCHHOOK: (NO NAME) - {00A6FAF6-072E-44CF-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\2.BIN\MWSSRCAS.DLL
F3 - REG:WIN.INI: LOAD=C:\MUSICRCK\MIXERON.EXE
O2 - BHO: MYWEBSEARCH SEARCH ASSISTANT BHO - {00A6FAF1-072E-44CF-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\2.BIN\MWSSRCAS.DLL
O2 - BHO: YAHOO! COMPANION BHO - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: ACROIEHLPROBJ CLASS - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MWSBAR BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSBAR.DLL
O2 - BHO: (NO NAME) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (NO FILE)
O2 - BHO: (NO NAME) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (NO FILE)
O2 - BHO: (NO NAME) - {FDD3B846-8D59-4FFB-8758-209B6AD74ACC} - C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MNYVIEWER.DLL
O3 - TOOLBAR: &RADIO - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O3 - TOOLBAR: &YAHOO! COMPANION - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - TOOLBAR: MCAFEE VIRUSSCAN - {BA52B914-B692-46C4-B683-905236F6F655} - C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\RUN: [LEXMARK X74-X75] "C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE"
O4 - HKLM\..\RUN: [REALTRAY] C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RUN: [QUICKTIME TASK] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -ATBOOTTIME
O4 - HKLM\..\RUN: [LVCOMS] C:\PROGRAM FILES\COMMON FILES\LOGITECH\QCDRIVER3\LVCOMS.EXE
O4 - HKLM\..\RUN: [VSOCHECKTASK] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /CHECKTASK
O4 - HKLM\..\RUN: [VIRUSSCAN ONLINE] "C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHLD.EXE"
O4 - HKLM\..\RUN: [MCAGENTEXE] C:\PROGRA~1\MCAFEE.COM\AGENT\MCAGENT.EXE
O4 - HKLM\..\RUN: [MCUPDATEEXE] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\RUN: [S3TRAY2] S3TRAY2.EXE
O4 - HKLM\..\RUN: [NI.UWFX5] "C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5NETINSTALLER.EXE"
O4 - HKLM\..\RUN: [MYWEBSEARCH EMAIL PLUGIN] C:\PROGRA~1\MYWEBS~1\BAR\A.BIN\MWSOEMON.EXE
O4 - HKLM\..\RUNONCE: [DELDIR0.EXE] "C:\DOCUME~1\MIKEAN~1\LOCALS~1\TEMP\DELDIR0.EXE" "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\"
O4 - HKLM\..\RUNONCE: [INNOSETUPREGFILE.0000000001] C:\WINDOWS\IS-0MQKG.EXE /REG
O4 - HKCU\..\RUN: [MICROSOFT WORKS UPDATE DETECTION] C:\PROGRAM FILES\MICROSOFT WORKS\WKDETECT.EXE
O4 - HKCU\..\RUN: [YAHOO! PAGER] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE" -QUIET
O4 - HKCU\..\RUN: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND
O4 - HKCU\..\RUN: [MYWEBSEARCH EMAIL PLUGIN] C:\PROGRA~1\MYWEBS~1\BAR\A.BIN\MWSOEMON.EXE
O4 - HKCU\..\RUN: [WINFIXER2005] C:\PROGRAM FILES\WINFIXER2005\UWFX5.EXE /SCAN
O4 - STARTUP: MYWEBSEARCH EMAIL PLUGIN.LNK = C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSOEMON.EXE
O4 - STARTUP: POWERREG SCHEDULER.EXE
O4 - STARTUP: REGISTRATION THE SECRET OF THE SILVER EARRING.LNK = D:\SUPPORT\REGISTRATIONREMINDER.EXE
O4 - GLOBAL STARTUP: BIGFIX.LNK = C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
O4 - GLOBAL STARTUP: MYWEBSEARCH EMAIL PLUGIN.LNK = C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSOEMON.EXE
O8 - EXTRA CONTEXT MENU ITEM: &AOL TOOLBAR SEARCH - RES://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - EXTRA CONTEXT MENU ITEM: &SEARCH - HTTP://BAR.MYWEBSEARCH.COM/MENUSEARCH.HTML?P=ZS
O8 - EXTRA CONTEXT MENU ITEM: E&XPORT TO MICROSOFT EXCEL - RES://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - EXTRA BUTTON: SPYWARE DOCTOR - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - EXTRA BUTTON: ICQ - {6224F700-CBA3-4071-B251-47CB894244CD} - C:\PROGRAM FILES\ICQ\ICQ.EXE
O9 - EXTRA 'TOOLS' MENUITEM: ICQ - {6224F700-CBA3-4071-B251-47CB894244CD} - C:\PROGRAM FILES\ICQ\ICQ.EXE
O9 - EXTRA BUTTON: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - EXTRA BUTTON: AIM - {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\AIM.EXE
O9 - EXTRA BUTTON: RELATED - {C95FE080-8F5D-11D2-A20B-00AA003C157A} - C:\WINDOWS\WEB\RELATED.HTM
O9 - EXTRA 'TOOLS' MENUITEM: SHOW &RELATED LINKS - {C95FE080-8F5D-11D2-A20B-00AA003C157A} - C:\WINDOWS\WEB\RELATED.HTM
O9 - EXTRA BUTTON: REAL.COM - {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - EXTRA BUTTON: MONEYSIDE - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MNYVIEWER.DLL
O9 - EXTRA BUTTON: YAHOO! MESSENGER - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - EXTRA 'TOOLS' MENUITEM: YAHOO! MESSENGER - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - EXTRA BUTTON: MESSENGER - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
O9 - EXTRA 'TOOLS' MENUITEM: WINDOWS MESSENGER - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
O12 - PLUGIN FOR .SPOP: C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NPDOCBOX.DLL
O14 - IERESET.INF: START_PAGE_URL=HTTP://WWW.EMACHINES.COM
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - HTTP://AK.IMGFARM.COM/IMAGES/NOCACHE/FU...0.0.15.CAB
O17 - HKLM\SYSTEM\CCS\SERVICES\TCPIP\..\{806E0E43-9B8A-4B01-ABCD-198F791C3C2E}: NAMESERVER = 205.166.61.160,205.166.61.140
O23 - SERVICE: LEXBCE SERVER (LEXBCES) - LEXMARK INTERNATIONAL, INC. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - SERVICE: MCAFEE WSC INTEGRATION (MCDETECT.EXE) - MCAFEE, INC - C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCDETECT.EXE
O23 - SERVICE: MCAFEE.COM MCSHIELD (MCSHIELD) - UNKNOWN OWNER - C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
O23 - SERVICE: MCAFEE TASK SCHEDULER (MCTSKSHD.EXE) - MCAFEE, INC - C:\PROGRA~1\MCAFEE.COM\AGENT\MCTSKSHD.EXE
O23 - SERVICE: MCAFEE SECURITYCENTER UPDATE MANAGER (MCUPDMGR.EXE) - MCAFEE, INC - C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDMGR.EXE
O23 - SERVICE: MCAFEE.COM VIRUSSCAN ONLINE REALTIME ENGINE (MCVSRTE) - NETWORKS ASSOCIATES TECHNOLOGY, INC - C:\PROGRA~1\MCAFEE.COM\VSO\MCVSRTE.EXE
O23 - SERVICE: SMARTLINKSERVICE (SLSERVICE) - - C:\WINDOWS\SYSTEM32\SLSERV.EXE
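
The question the post raises, namely where WinFixer is referenced when the log has no O2 MSEvents entry, can be checked mechanically. The following is an added example, not part of the original post: it groups HijackThis lines by section code and reports which sections mention given strings. The function names are hypothetical, the sample lines are a subset copied from the log above, and the search strings `WINFIXER` and `UWFX5` are taken from that log's own entries.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: MWSBAR BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSBAR.DLL
O2 - BHO: (NO NAME) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (NO FILE)
O4 - HKLM\..\RUN: [QUICKTIME TASK] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -ATBOOTTIME
O4 - HKLM\..\RUN: [NI.UWFX5] "C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5NETINSTALLER.EXE"
O4 - HKCU\..\RUN: [WINFIXER2005] C:\PROGRAM FILES\WINFIXER2005\UWFX5.EXE /SCAN
O23 - SERVICE: SMARTLINKSERVICE (SLSERVICE) - - C:\WINDOWS\SYSTEM32\SLSERV.EXE
"""

# A log entry is "<section code> - <details>", e.g. "O4 - HKCU\..\RUN: [...] ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostart: "<hive>\..\RUN[ONCE]: [value name] command line".
RUN_VALUE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\RUN(?:ONCE)?): \[([^\]]+)\] (.+)$")


def parse_hjt(text):
    """Group log entries by section code (R1, F3, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def find_references(sections, needles):
    """Return (section code, entry) pairs that mention any search string."""
    wanted = [n.upper() for n in needles]
    return [(code, entry)
            for code, entries in sections.items()
            for entry in entries
            if any(n in entry.upper() for n in wanted)]


def run_values(sections):
    """Split O4 registry entries into (key, value name, command line)."""
    matches = (RUN_VALUE.match(e) for e in sections.get("O4", []))
    return [m.groups() for m in matches if m]


def orphaned_bhos(sections):
    """O2 entries whose DLL is missing: the registration outlived the file."""
    return [e for e in sections.get("O2", []) if e.endswith("(NO FILE)")]


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    for code, entry in find_references(log, ["WINFIXER", "UWFX5"]):
        print(code, "->", entry)
    print("BHOs with no file:", orphaned_bhos(log))
```

On this sample both matches fall in section O4 (registry Run values under HKLM and HKCU) and none in O2, so a removal tool that looks only for a specific O2 BHO has nothing to match.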

Some info for you Mike
by steve11375 / December 15, 2005 6:05 AM PST

Hi Mike,

First of all the moderators here suggest you do NOT post HJT logs, but this is your first post so I'm sure you didn't realize that. I'll let the Mods explain this...

Second, it looks like you have McAfee and McAfee seems to know about Winfixer 2005 and seems to have a fix? http://search.mcafee.com/search?getfields=description&site=AllTopics&output=xml_no_dtd&proxystylesheet=default_frontend&client=default_frontend&q=winfixer

Third, Symantec (Norton) knows about it as well and has some fairly detailed registry "Surgery" needed to manually remove it as well. Look here: http://securityresponse.symantec.com/avcenter/venc/data/winfixer.html

Hope some of that helps,

Steve

Hi Mike, please follow Steve's advice and
by roddy32 / December 15, 2005 7:17 AM PST