Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

winfixer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

winfixer

Unread postby johnstackhouse » August 25th, 2005, 2:50 pm

hi. could you help me remove this winfixer problem. heres my HJT log. cheers

Logfile of HijackThis v1.99.1
Scan saved at 19:36:52, on 25/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\WINDOWS\system32\nnenstn3.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\WaveNET mp3\WaveNetMp3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\system32\bjoxrizn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe
O4 - HKLM\..\Run: [nnenstn3] C:\WINDOWS\system32\nnenstn3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0773040937
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
johnstackhouse
Active Member
 
Posts: 4
Joined: August 25th, 2005, 2:42 pm
Advertisement
Register to Remove

Unread postby percyonline2004 » August 26th, 2005, 12:01 pm

Hi johnstackhouse. Your log is now in the process of being checked over by us, please be patient while this is done and we will get back to you as soon at it is complete.
User avatar
percyonline2004
Regular Member
 
Posts: 129
Joined: August 3rd, 2005, 5:28 am

Unread postby johnstackhouse » August 26th, 2005, 12:03 pm

Come on Guys.......... someone must know something PLEASE
:(
johnstackhouse
Active Member
 
Posts: 4
Joined: August 25th, 2005, 2:42 pm

Unread postby percyonline2004 » August 27th, 2005, 3:34 am

Hi johnstackhouse and welcome to the MWR Forums. Your computer is in need a little attention but it is nothing that we can not sort for you, The following instructions will be set out as plain as possible and in different sections. Please make sure that each step is complete before moving on to the next one. If you are having any difficulty understanding or following any part of the instructions then please feel free to enquire so that we can clarify things in more detail.

I would suggest that you either print out these instructions or save them as a text file with Notepad to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Read this instructions carefully and feel free to ask if you're unsure about anything

Please ensure that hidden files are set to show
  • Open the Windows Explorer - Tools - Folder Options - and select the View tab:
  • Scroll down to where it says "Hidden Files and Folders" section.
  • Now select the option to "Show hidden files and folders"
  • Take the tick out of "Hide file extensions for known file types"
  • Take the tick out of "Hide protected operating system files" Click on OK and Apply
  • Next Click the "Apply to all Folders" button. Close Windows Explorer.
Please re-start your computer in safe mode - To do so, reboot your computer and repeatedly tap the F8 whilst your computer is booting up (just before the MS Windows flag screen appears) until a menu appears. Once you see the menu select the option to start the computer in safe mode. (It might take more than go to access the menu if you have not done this before, just simply reboot the machine again and repeat the steps)

Run HiJackThis : Now place a tick in the left hand boxes alongside the following entries

  • O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\system32\bjoxrizn.dll
  • O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
  • O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe
  • O4 - HKLM\..\Run: [nnenstn3] C:\WINDOWS\system32\nnenstn3.exe
Once you have placed a tick in all the relevent boxes click on the fix button - Now re-run HJT to double check that none of the entries have been missed out accidently

Next Locate the following files: once you find them (some may not exist but its safer to double check), click on them to highlight the file, hold down the shift key then press delete at the same time
  • C:\WINDOWS\system32\lanbrup.exe
  • C:\WINDOWS\system32\nnenstn3.exe

Now re-boot your computer and run HJT and create a new log, Post it back here using the "Postreply" Button Not the "New topic" Button - Thanks
User avatar
percyonline2004
Regular Member
 
Posts: 129
Joined: August 3rd, 2005, 5:28 am

Unread postby johnstackhouse » September 8th, 2005, 6:46 am

ok. done that mate. heres wot my HJT log looks like now:

Logfile of HijackThis v1.99.1
Scan saved at 11:44:13, on 08/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\devldr32.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0773040937
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
johnstackhouse
Active Member
 
Posts: 4
Joined: August 25th, 2005, 2:42 pm

Unread postby percyonline2004 » September 9th, 2005, 12:31 am

Hi there johnstackhouse - Your log is looking much much better now :)

Just a couple of things to clean up

Please download ccleaner from here - Install and run the program to clear out your temporary folders

Now I would like you to reset your system restore points

A) On the Desktop, right-click My Computer
B) Click on Properties. Click the System Restore tab.
C) Look for the box near the top which says "Turn off system restore off on all drives"
D) Place a tick in the box to disable
E) Click Apply first, and then click OK.

NEXT - Restart yor computer

Now....

A) Right-click My Computer once more
B) Click on Properties. Click the System Restore tab again
C) Look for the box near the top which says "Turn off system restore off on all drives"
D) Take out the tick from the box so it is empty
F) Click Apply first, and then click OK.

Now restart your computer once more

The next thing that you need to do is protect your system with a firewall, an excellent free firewall that you can try is Zonealarm.
Zonealarm is available from here


For keeping your computer free from spyware I would reccomend the download and installation of some or all of the following programs (all free).:

  • Ad-Aware SE - This is a program that scans for and removes known spyware from your machine.
  • Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & spybot) are perfect complements to each other as one will most always find something the other missed.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.
  • A Squared Free a-squared is a complementary product to antivirus software and desktop firewalls on MS Windows computers. A-squared fills the gap that malware writers exploit. Like the other programs that are listed here it is completely free for personal use
  • Google toolbar Handy for all those annoying pop ups

And remember - once protected - UPDATE UPDATE UPDATE !!! I recommend that you manually check all your security for any fresh updates at least once a week
User avatar
percyonline2004
Regular Member
 
Posts: 129
Joined: August 3rd, 2005, 5:28 am

Unread postby johnstackhouse » September 9th, 2005, 6:26 am

superb mate!! :D :D :D thanks for all the help!
johnstackhouse
Active Member
 
Posts: 4
Joined: August 25th, 2005, 2:42 pm

Unread postby Nick-YF19 » September 18th, 2005, 9:14 am

As this issue has been resolved, this topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware