G
Guest
Hi,
I am having problem with winfixer Adware whichis loading always and resizing
my brower size and then closing the browser if i say no to their popup
message.
I started MS AntiSpyware and it is detecting this Adware and deleting every
time and rebooting the PC.BUT the Adware is still exist in the PC.
The path for this Adware DLL is as follows
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-18 Includes\Cookies.sbi
2005-11-18 Includes\Dialer.sbi
2005-11-18 Includes\Hijackers.sbi
2005-11-18 Includes\Keyloggers.sbi
2005-11-18 Includes\Malware.sbi
2005-11-18 Includes\PUPS.sbi
2005-11-18 Includes\Revision.sbi
2005-11-18 Includes\Security.sbi
2005-11-18 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-11-18 Includes\Trojans.sbi
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/2003 1:17:44 PM
Date (last access): 11/20/2005 9:37:38 AM
Date (last write): 11/3/2003 1:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091
{297caf50-e4f7-11d1-a380-00600896eccc} (QAPHlprObj Class)
BHO name:
CLSID name: QAPHlprObj Class
description: Segue, Segue
classification: Legitimate
known filename: QAPHLPR.DLL
info link: http://www.segue.com/html/s_services/training/s_sscp.asp
info source: TonyKlein
Path: C:\Program Files\Segue\SilkTest\
Long name: qaphlpr.dll
Short name:
Date (created): 10/17/2005 10:04:12 PM
Date (last access): 11/20/2005 9:43:06 AM
Date (last write): 5/19/2000 11:55:26 AM
Filesize: 307243
Attributes: archive
MD5: 545167825957555FC7475E650B3E6D7A
CRC32: 41A1E94C
Version: 5.1.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 11/20/2005 10:18:42 AM
Date (last access): 11/20/2005 10:18:42 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
BHO name:
CLSID name: UberButton Class
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 5/18/2005 9:59:58 PM
Date (last access): 11/20/2005 9:43:06 AM
Date (last write): 2/24/2005 3:39:04 PM
Filesize: 181352
Attributes: archive
MD5: F5E62C5F6DAE350140F821278060B8EA
CRC32: 7595E78F
Version: 2005.2.24.3
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
BHO name:
CLSID name: YahooTaggedBM Class
Path: C:\Program Files\Yahoo!\Common\
Long name: YIeTagBm.dll
Short name:
Date (created): 5/18/2005 9:59:56 PM
Date (last access): 11/20/2005 9:43:06 AM
Date (last write): 1/24/2005 8:55:32 AM
Filesize: 115832
Attributes: archive
MD5: A7DFD7463C4AC34309D2304546D7A96A
CRC32: E2DA49AB
Version: 2005.1.24.1
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* =
number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar3.dll
Short name: GOOGLE~3.DLL
Date (created): 9/5/2005 12:14:44 AM
Date (last access): 11/20/2005 9:43:12 AM
Date (last write): 8/11/2005 7:45:00 PM
Filesize: 1157120
Attributes: readonly archive
MD5: 356F49ACB4A92470F9968B1E7E211410
CRC32: 28C87834
Version: 3.0.125.1
{CE70731D-F28D-4D81-9D61-C8EE60378401} (MSEvents Object)
BHO name:
CLSID name: MSEvents Object
Path: C:\WINDOWS\system32\
Long name: ddabc.dll
Short name:
Date (created): 11/16/2005 9:18:54 AM
Date (last access): 11/20/2005 9:42:04 AM
Date (last write): 11/16/2005 9:19:00 AM
Filesize: 540724
Attributes:
MD5: C7F3247ABF269D4C0BB8BE3E0CEAA20A
CRC32: A2D8E642
I ran this MS AntiSpyware more than 10 times.But it is not able to remove
this WinFixwer Adware.
I am having problem with winfixer Adware whichis loading always and resizing
my brower size and then closing the browser if i say no to their popup
message.
I started MS AntiSpyware and it is detecting this Adware and deleting every
time and rebooting the PC.BUT the Adware is still exist in the PC.
The path for this Adware DLL is as follows
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-18 Includes\Cookies.sbi
2005-11-18 Includes\Dialer.sbi
2005-11-18 Includes\Hijackers.sbi
2005-11-18 Includes\Keyloggers.sbi
2005-11-18 Includes\Malware.sbi
2005-11-18 Includes\PUPS.sbi
2005-11-18 Includes\Revision.sbi
2005-11-18 Includes\Security.sbi
2005-11-18 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-11-18 Includes\Trojans.sbi
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/2003 1:17:44 PM
Date (last access): 11/20/2005 9:37:38 AM
Date (last write): 11/3/2003 1:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091
{297caf50-e4f7-11d1-a380-00600896eccc} (QAPHlprObj Class)
BHO name:
CLSID name: QAPHlprObj Class
description: Segue, Segue
classification: Legitimate
known filename: QAPHLPR.DLL
info link: http://www.segue.com/html/s_services/training/s_sscp.asp
info source: TonyKlein
Path: C:\Program Files\Segue\SilkTest\
Long name: qaphlpr.dll
Short name:
Date (created): 10/17/2005 10:04:12 PM
Date (last access): 11/20/2005 9:43:06 AM
Date (last write): 5/19/2000 11:55:26 AM
Filesize: 307243
Attributes: archive
MD5: 545167825957555FC7475E650B3E6D7A
CRC32: 41A1E94C
Version: 5.1.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 11/20/2005 10:18:42 AM
Date (last access): 11/20/2005 10:18:42 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
BHO name:
CLSID name: UberButton Class
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 5/18/2005 9:59:58 PM
Date (last access): 11/20/2005 9:43:06 AM
Date (last write): 2/24/2005 3:39:04 PM
Filesize: 181352
Attributes: archive
MD5: F5E62C5F6DAE350140F821278060B8EA
CRC32: 7595E78F
Version: 2005.2.24.3
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
BHO name:
CLSID name: YahooTaggedBM Class
Path: C:\Program Files\Yahoo!\Common\
Long name: YIeTagBm.dll
Short name:
Date (created): 5/18/2005 9:59:56 PM
Date (last access): 11/20/2005 9:43:06 AM
Date (last write): 1/24/2005 8:55:32 AM
Filesize: 115832
Attributes: archive
MD5: A7DFD7463C4AC34309D2304546D7A96A
CRC32: E2DA49AB
Version: 2005.1.24.1
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* =
number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar3.dll
Short name: GOOGLE~3.DLL
Date (created): 9/5/2005 12:14:44 AM
Date (last access): 11/20/2005 9:43:12 AM
Date (last write): 8/11/2005 7:45:00 PM
Filesize: 1157120
Attributes: readonly archive
MD5: 356F49ACB4A92470F9968B1E7E211410
CRC32: 28C87834
Version: 3.0.125.1
{CE70731D-F28D-4D81-9D61-C8EE60378401} (MSEvents Object)
BHO name:
CLSID name: MSEvents Object
Path: C:\WINDOWS\system32\
Long name: ddabc.dll
Short name:
Date (created): 11/16/2005 9:18:54 AM
Date (last access): 11/20/2005 9:42:04 AM
Date (last write): 11/16/2005 9:19:00 AM
Filesize: 540724
Attributes:
MD5: C7F3247ABF269D4C0BB8BE3E0CEAA20A
CRC32: A2D8E642
I ran this MS AntiSpyware more than 10 times.But it is not able to remove
this WinFixwer Adware.