Winfix help!

Computing.Net > Forums > Security and Virus > Winfix help!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Winfix help!

Name: racemyjetta85
Date: February 4, 2006 at 23:42:24 Pacific
OS: Windows XP SP2
CPU/Ram: 2.8Ghz/512Mb

Comment:

I have the winfix virus.. can you help me delete it?
I have HJT logfile..
I also downloaded VundoFix... still get the process winlogon.exe
PLEASE HELP!!!
I hope you I can get this fixed :

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: February 5, 2006 at 03:39:15 Pacific

Reply:

Post you Hijack This log.
Please download http://www.atribune.org/public-beta/VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it. Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click yes.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click ok.
Turn your computer back on. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Response Number 2

Name: Bob (by BigBob)
Date: February 5, 2006 at 03:41:22 Pacific

Reply:

You can paste your HJT log to the Analyzer Page
Or see if THIS link helps you out

" It'll Get Ya When You Aint Lookin "
Please Post back to let us know if we helped

Response Number 3

Name: racemyjetta85
Date: February 5, 2006 at 14:49:39 Pacific

Reply:

VundoFix V2.15 by Atri

Listing files contained in the vundofix folder.

ReadMe.txt
killvundo.bat
process.exe
vundo.reg
vundofix.txt

Filepaths entered

The filepath entered was C:\Documents and settings\Special K\Local Settings\Temporary Internet Files\Content.IE5\8F73AWD9\WinFixerScannerInstall[1].exe

The second filepath entered was C:\WINDOWS\SYSTEM32\igfxsrvc.dll

Log from Process

Killing PID 504 'smss.exe'
Killing PID 1432 'explorer.exe'
Killing PID 1432 'explorer.exe'

Killing PID 584 'winlogon.exe'
Killing PID 584 'winlogon.exe'

C:\WINDOWS\SYSTEM32\igfxsrvc.dll Deleted sucessfully.

Fixing Registry

Logfile of HijackThis v1.99.1
Scan saved at 2:47:26 PM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.exe "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\Special K\Local Settings\Temporary Internet Files\Content.IE5\8F73AWD9\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0A\AOL.exe" -b
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC9212B5-D07F-4477-82FA-8412F8AB4AB0}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I hope you I can get this fixed :

Response Number 4

Name: jabuck
Date: February 5, 2006 at 15:36:43 Pacific

Reply:

Winfixer is dead but there is still some cleanup to do.
Run HT again, close all windows and browsers except HT, place a check to the left of the following items and press "fix checked":
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\Special K\Local Settings\Temporary Internet Files\Content.IE5\8F73AWD9\WinFixerScannerInstall[1].exe" -nag
C:\WINDOWS\system32\vtsqr.dll (file missing)
Shut the computer down,wait 30 seconds , then restart the computer.
IMPORTANT ... Download and run ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need as ccleaner will delete recycle bin items unless checked not to do so.
Post a new HT log.

Response Number 5

Name: bobby2809_in
Date: February 6, 2006 at 12:48:53 Pacific

Reply:

goto www.tdwebsite.com goto removal too and download and run the winfixer tool...if ur computer is iinfected with winfixer u'll get a bluescreen error...then u'll hv to manually restart the computer...and bingo winfixer is gone...try it.....bobby

microsoft multimedia keyboard 1.0a WAN Miniport (ATW) vid_04e6 pid wan miniport atw driver delete recycler local settings folder missing wan miniport ip uninstall wan miniport msjava.dll netsvc	sys c: powerreg scheduler Verse 504 Labtec ie5 download Discuss shdocvw.dll Discuss shdocvw.dll waol.exe hp connection manager fehler 619 ArcSoft Connect Daemon auto enter
See More

Response Number 6

Name: andy1
Date: February 9, 2006 at 10:44:15 Pacific

Reply:

try these manual winfixer removal instructions.

Sponsored Link

Ads by Google

Can't get rid of CWS.msco...

Adware: winsyban5.exe?

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Winfix help!

Possible WinFixer?? Need help.

Summary

www.computing.net/answers/security/possible-winfixer-need-help/17280.html

Winfixer...Plz HELP

Summary

www.computing.net/answers/security/winfixerplz-help/17541.html

winfixer nightmare please help!

Summary

www.computing.net/answers/security/winfixer-nightmare-please-help/17581.html

From the Geek Dictionary
AVI - AVI (Audio Video Interleave)is a format for saving audio or video clips in ...

Ask a Question!

Weekly Poll
Do you think Comcast should have bought NBC?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
Restoring to Acer defaults

Batch help

Recycled Inkjet Cartridges - Are they good?

Batch to read a file

Startup problems

All Awaiting Reply

Tom's News
Verizon: iPhone is Digitally Clueless Beauty Queen

Nintendo DS Flash Cards are Legal Says Judge

Go Retro: Dragon's Lair Confirmed for iPhone

Sony's PSPgo May Get External UMD Reader

Report: Teen Internet Addicts Likely to Self-Harm

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE