PLEASE HELP! I have WinFixer without O2-BHO:MSEvents

Dec 15, 2005 3:05AM PST

Okay, this is about the 10th forum that I have joined to help me with my problem with WinFixer. No one ever responds to my post for some reason. Anyway. I have WinFixer on my computer. It automatically starts when I turn on the computer, it uses about 100% of the CPU ALL the time, makes everything run slow and not respond. However, I do not get a lot of pop ups, but I do get a lot of "pop unders." I tried, like everyone probably initially does, to remove the program from the add/remove section. But, as everyone knows by now, that does not work, as it reinstalls itself. I know that you can use the FixVundo/Virtumundobegone, and I have tried that many times. The problem is (as you can see from the HJT file below) that it does not show the O2-BHO-MSEvents in the log. This makes it so Virtumundobegone simply does not find anything and closes. I have tried to manually remove the components as directed in other forums (including killing the process associated, unregistering the dlls, cleaning the directories, etc.) that I located. The only problem is that (and it may be because of my inexperience, as I am roughly moderate in terms of knowledge about these types of things) I could not find everything that was listed, so I simply cleaned everything that I found. So after 2 long hours of trying that method twice, I was in dismay once I rebooted, and there you go, the thing reinstalled itself once again.

I have read that if I do not have that particular item in the log file, that means I simply have the "program" or installer and that should be able to be easily deleted using add/remove. Of course that is not true. I have also heard others say that, if you do not have the O2-BHO:MSEvents, then it causes no adverse effects. I know that is a crock. I experience it EVERY DAY. So please, someone look at this HJT log file and tell me what I can do.

LOGFILE OF HIJACKTHIS V1.99.1
SCAN SAVED AT 1:01:07 PM, ON 12/15/2005
PLATFORM: WINDOWS XP SP1 (WINNT 5.01.2600)
MSIE: INTERNET EXPLORER V6.00 SP1 (6.00.2800.1106)

RUNNING PROCESSES:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\QCDRIVER3\LVCOMS.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM32\S3TRAY2.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCDETECT.EXE
C:\PROGRA~1\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRA~1\MYWEBS~1\BAR\A.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
C:\WINDOWS\SYSTEM32\SLSERV.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SLRUNDLL.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\URLMAP.EXE
C:\DOCUMENTS AND SETTINGS\MIKE AND MICHELLE\LOCAL SETTINGS\TEMP\TEMPORARY DIRECTORY 3 FOR HIJACKTHIS.ZIP\HIJACKTHIS.EXE

R1 - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN,DEFAULT_PAGE_URL = HTTP://WWW.EMACHINES.COM
R1 - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN,SEARCH BAR = HTTP://US.RD.YAHOO.COM/CUSTOMIZE/IE/DEFAULTS/SB/MSGR7/*HTTP://WWW.YAHOO.COM/EXT/SEARCH/SEARCH.HTML
R1 - HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL,(DEFAULT) = HTTP://US.RD.YAHOO.COM/CUSTOMIZE/IE/DEFAULTS/SU/MSGR7/*HTTP://WWW.YAHOO.COM
R3 - URLSEARCHHOOK: (NO NAME) - {00A6FAF6-072E-44CF-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\2.BIN\MWSSRCAS.DLL
F3 - REG:WIN.INI: LOAD=C:\MUSICRCK\MIXERON.EXE
O2 - BHO: MYWEBSEARCH SEARCH ASSISTANT BHO - {00A6FAF1-072E-44CF-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\2.BIN\MWSSRCAS.DLL
O2 - BHO: YAHOO! COMPANION BHO - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: ACROIEHLPROBJ CLASS - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MWSBAR BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSBAR.DLL
O2 - BHO: (NO NAME) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (NO FILE)
O2 - BHO: (NO NAME) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (NO FILE)
O2 - BHO: (NO NAME) - {FDD3B846-8D59-4FFB-8758-209B6AD74ACC} - C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MNYVIEWER.DLL
O3 - TOOLBAR: &RADIO - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O3 - TOOLBAR: &YAHOO! COMPANION - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - TOOLBAR: MCAFEE VIRUSSCAN - {BA52B914-B692-46C4-B683-905236F6F655} - C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\RUN: [LEXMARK X74-X75] "C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE"
O4 - HKLM\..\RUN: [REALTRAY] C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RUN: [QUICKTIME TASK] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -ATBOOTTIME
O4 - HKLM\..\RUN: [LVCOMS] C:\PROGRAM FILES\COMMON FILES\LOGITECH\QCDRIVER3\LVCOMS.EXE
O4 - HKLM\..\RUN: [VSOCHECKTASK] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /CHECKTASK
O4 - HKLM\..\RUN: [VIRUSSCAN ONLINE] "C:\PROGRA~1\MCAFEE.COM\VSO\MCVSSHLD.EXE"
O4 - HKLM\..\RUN: [MCAGENTEXE] C:\PROGRA~1\MCAFEE.COM\AGENT\MCAGENT.EXE
O4 - HKLM\..\RUN: [MCUPDATEEXE] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\RUN: [S3TRAY2] S3TRAY2.EXE
O4 - HKLM\..\RUN: [NI.UWFX5] "C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5NETINSTALLER.EXE"
O4 - HKLM\..\RUN: [MYWEBSEARCH EMAIL PLUGIN] C:\PROGRA~1\MYWEBS~1\BAR\A.BIN\MWSOEMON.EXE
O4 - HKLM\..\RUNONCE: [DELDIR0.EXE] "C:\DOCUME~1\MIKEAN~1\LOCALS~1\TEMP\DELDIR0.EXE" "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\"
O4 - HKLM\..\RUNONCE: [INNOSETUPREGFILE.0000000001] C:\WINDOWS\IS-0MQKG.EXE /REG
O4 - HKCU\..\RUN: [MICROSOFT WORKS UPDATE DETECTION] C:\PROGRAM FILES\MICROSOFT WORKS\WKDETECT.EXE
O4 - HKCU\..\RUN: [YAHOO! PAGER] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE" -QUIET
O4 - HKCU\..\RUN: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND
O4 - HKCU\..\RUN: [MYWEBSEARCH EMAIL PLUGIN] C:\PROGRA~1\MYWEBS~1\BAR\A.BIN\MWSOEMON.EXE
O4 - HKCU\..\RUN: [WINFIXER2005] C:\PROGRAM FILES\WINFIXER2005\UWFX5.EXE /SCAN
O4 - STARTUP: MYWEBSEARCH EMAIL PLUGIN.LNK = C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSOEMON.EXE
O4 - STARTUP: POWERREG SCHEDULER.EXE
O4 - STARTUP: REGISTRATION THE SECRET OF THE SILVER EARRING.LNK = D:\SUPPORT\REGISTRATIONREMINDER.EXE
O4 - GLOBAL STARTUP: BIGFIX.LNK = C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
O4 - GLOBAL STARTUP: MYWEBSEARCH EMAIL PLUGIN.LNK = C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSOEMON.EXE
O8 - EXTRA CONTEXT MENU ITEM: &AOL TOOLBAR SEARCH - RES://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - EXTRA CONTEXT MENU ITEM: &SEARCH - HTTP://BAR.MYWEBSEARCH.COM/MENUSEARCH.HTML?P=ZS
O8 - EXTRA CONTEXT MENU ITEM: E&XPORT TO MICROSOFT EXCEL - RES://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - EXTRA BUTTON: SPYWARE DOCTOR - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - EXTRA BUTTON: ICQ - {6224F700-CBA3-4071-B251-47CB894244CD} - C:\PROGRAM FILES\ICQ\ICQ.EXE
O9 - EXTRA 'TOOLS' MENUITEM: ICQ - {6224F700-CBA3-4071-B251-47CB894244CD} - C:\PROGRAM FILES\ICQ\ICQ.EXE
O9 - EXTRA BUTTON: RESEARCH - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - EXTRA BUTTON: AIM - {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\AIM.EXE
O9 - EXTRA BUTTON: RELATED - {C95FE080-8F5D-11D2-A20B-00AA003C157A} - C:\WINDOWS\WEB\RELATED.HTM
O9 - EXTRA 'TOOLS' MENUITEM: SHOW &RELATED LINKS - {C95FE080-8F5D-11D2-A20B-00AA003C157A} - C:\WINDOWS\WEB\RELATED.HTM
O9 - EXTRA BUTTON: REAL.COM - {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - EXTRA BUTTON: MONEYSIDE - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MNYVIEWER.DLL
O9 - EXTRA BUTTON: YAHOO! MESSENGER - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - EXTRA 'TOOLS' MENUITEM: YAHOO! MESSENGER - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - EXTRA BUTTON: MESSENGER - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
O9 - EXTRA 'TOOLS' MENUITEM: WINDOWS MESSENGER - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
O12 - PLUGIN FOR .SPOP: C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NPDOCBOX.DLL
O14 - IERESET.INF: START_PAGE_URL=HTTP://WWW.EMACHINES.COM
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - HTTP://AK.IMGFARM.COM/IMAGES/NOCACHE/FU...0.0.15.CAB
O17 - HKLM\SYSTEM\CCS\SERVICES\TCPIP\..\{806E0E43-9B8A-4B01-ABCD-198F791C3C2E}: NAMESERVER = 205.166.61.160,205.166.61.140
O23 - SERVICE: LEXBCE SERVER (LEXBCES) - LEXMARK INTERNATIONAL, INC. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - SERVICE: MCAFEE WSC INTEGRATION (MCDETECT.EXE) - MCAFEE, INC - C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCDETECT.EXE
O23 - SERVICE: MCAFEE.COM MCSHIELD (MCSHIELD) - UNKNOWN OWNER - C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
O23 - SERVICE: MCAFEE TASK SCHEDULER (MCTSKSHD.EXE) - MCAFEE, INC - C:\PROGRA~1\MCAFEE.COM\AGENT\MCTSKSHD.EXE
O23 - SERVICE: MCAFEE SECURITYCENTER UPDATE MANAGER (MCUPDMGR.EXE) - MCAFEE, INC - C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDMGR.EXE
O23 - SERVICE: MCAFEE.COM VIRUSSCAN ONLINE REALTIME ENGINE (MCVSRTE) - NETWORKS ASSOCIATES TECHNOLOGY, INC - C:\PROGRA~1\MCAFEE.COM\VSO\MCVSRTE.EXE
O23 - SERVICE: SMARTLINKSERVICE (SLSERVICE) - - C:\WINDOWS\SYSTEM32\SLSERV.EXE
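
The log format above can be triaged mechanically. The following is an added example, not part of the original post or of HijackThis: it groups entries by section code, then lists O4 autostart entries that mention given keywords and O2 BHO entries that HijackThis reports with no file. The function names are hypothetical, and the sample lines and keywords are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a few entry lines copied from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: MWSBAR BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\A.BIN\MWSBAR.DLL
O2 - BHO: (NO NAME) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (NO FILE)
O4 - HKLM\..\RUN: [NI.UWFX5] "C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5NETINSTALLER.EXE"
O4 - HKCU\..\RUN: [WINFIXER2005] C:\PROGRAM FILES\WINFIXER2005\UWFX5.EXE /SCAN
O4 - HKCU\..\RUN: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND
O23 - SERVICE: SMARTLINKSERVICE (SLSERVICE) - - C:\WINDOWS\SYSTEM32\SLSERV.EXE
"""

# An entry line is a section code (R1, F3, O2, O23, ...), " - ", then the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_hjt(text):
    """Group HijackThis entry lines by section code; other lines are ignored."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def autostarts_matching(sections, keywords):
    """O4 (autostart) entries mentioning any keyword, case-insensitively."""
    kws = [k.upper() for k in keywords]
    return [e for e in sections.get("O4", []) if any(k in e.upper() for k in kws)]

def orphaned_bhos(sections):
    """CLSIDs of O2 (BHO) entries listed as '(NO FILE)'."""
    found = []
    for e in sections.get("O2", []):
        m = CLSID.search(e)
        if m and e.upper().endswith("(NO FILE)"):
            found.append(m.group(0))
    return found

if __name__ == "__main__":
    s = parse_hjt(SAMPLE_LOG)
    for entry in autostarts_matching(s, ["WINFIXER", "UWFX5"]):
        print("autostart:", entry)
    for clsid in orphaned_bhos(s):
        print("BHO with no file:", clsid)
```
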

Some info for you Mike
Dec 15, 2005 6:05AM PST

Hi Mike,

First of all the moderators here suggest you do NOT post HJT logs, but this is your first post so I'm sure you didn't realize that. I'll let the Mods explain this...

Second, it looks like you have McAfee and McAfee seems to know about Winfixer 2005 and seems to have a fix? http://search.mcafee.com/search?getfields=description&site=AllTopics&output=xml_no_dtd&proxystylesheet=default_frontend&client=default_frontend&q=winfixer

Third, Symantec (Norton) knows about it as well and has some fairly detailed registry "Surgery" needed to manually remove it as well. Look here: http://securityresponse.symantec.com/avcenter/venc/data/winfixer.html

Hope some of that helps,

Steve

Hi Mike, please follow Steve's advice and
Dec 15, 2005 7:17AM PST