Hello, I'm back with another problem on another computer.
A couple of days ago Winfixer appeared on my dad's laptop. I was hoping a simple software removal would do the trick, but hey, it's crapware, I should know better by now.
Here's an Ad-Aware logfile just to get things started, even though Ad-Aware seems to miss Winfixer. The bad running process might be in the logfile anyhow.
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, March 18, 2006 12:25:47 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R98 16.03.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679
3-18-2006 12:05:06 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R98 16.03.2006
Internal build : 113
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 577345 Bytes
Total size : 1900129 Bytes
Signature data size : 1863262 Bytes
Reference data size : 36355 Bytes
Signatures total : 53541
CSI Fingerprints total : 1855
CSI data size : 52943 Bytes
Target categories : 15
Target families : 860
3-18-2006 12:05:18 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:26 %
Total physical memory:260312 kb
Available physical memory:66200 kb
Total page file size:640228 kb
Available on page file:366036 kb
Total virtual memory:2097024 kb
Available virtual memory:2020420 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
3/18/2006 12:25:47 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 812
ThreadCreationTime : 3/18/2006 6:26:38 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 860
ThreadCreationTime : 3/18/2006 6:26:40 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 884
ThreadCreationTime : 3/18/2006 6:26:41 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 928
ThreadCreationTime : 3/18/2006 6:26:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 940
ThreadCreationTime : 3/18/2006 6:26:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1108
ThreadCreationTime : 3/18/2006 6:26:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1176
ThreadCreationTime : 3/18/2006 6:26:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1216
ThreadCreationTime : 3/18/2006 6:26:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [s24evmon.exe]
ModuleName : C:\WINDOWS\system32\S24EvMon.exe
Command Line : C:\WINDOWS\system32\S24EvMon.exe
ProcessID : 1268
ThreadCreationTime : 3/18/2006 6:26:46 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1324
ThreadCreationTime : 3/18/2006 6:26:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1412
ThreadCreationTime : 3/18/2006 6:26:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1636
ThreadCreationTime : 3/18/2006 6:26:46 PM
BasePriority : Normal
FileVersion : 103.5.1.9
ProductVersion : 103.5.1.9
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:13 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1664
ThreadCreationTime : 3/18/2006 6:26:46 PM
BasePriority : Normal
FileVersion : 103.5.1.9
ProductVersion : 103.5.1.9
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:14 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1820
ThreadCreationTime : 3/18/2006 6:26:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [defwatch.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\DefWatch.exe
Command Line : "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
ProcessID : 828
ThreadCreationTime : 3/18/2006 6:27:12 PM
BasePriority : Normal
FileVersion : 10.0.0.359
ProductVersion : 10.0.0.359
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2005 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe
#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1072
ThreadCreationTime : 3/18/2006 6:27:12 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:17 [regsrvc.exe]
ModuleName : C:\WINDOWS\system32\RegSrvc.exe
Command Line : C:\WINDOWS\system32\RegSrvc.exe
ProcessID : 1280
ThreadCreationTime : 3/18/2006 6:27:12 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : RegSrvc.EXE
#:18 [savroam.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\SavRoam.exe
Command Line : "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
ProcessID : 1564
ThreadCreationTime : 3/18/2006 6:27:15 PM
BasePriority : Normal
FileVersion : 10.0.0.359
ProductVersion : 10.0.0.359
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe
#:19 [rtvscan.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Command Line : "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
ProcessID : 1424
ThreadCreationTime : 3/18/2006 6:27:15 PM
BasePriority : Normal
FileVersion : 10.0.0.359
ProductVersion : 10.0.0.359
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.
#:20 [winvnc.exe]
ModuleName : C:\Program Files\TightVNC\WinVNC.exe
Command Line : "C:\Program Files\TightVNC\WinVNC.exe" -service
ProcessID : 1896
ThreadCreationTime : 3/18/2006 6:27:15 PM
BasePriority : Normal
FileVersion : 1, 2, 9, 0
ProductVersion : 1, 2, 9, 0
ProductName : TightVNC Win32 Server
CompanyName : Constantin Kaplinsky
FileDescription : TightVNC Win32 Server
InternalName : WinVNC
LegalCopyright : Copyright (C) 1998-2002 [many holders]
OriginalFilename : WinVNC.exe
Comments : Based on TridiaVNC by Tridia Corporation
#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 244
ThreadCreationTime : 3/18/2006 6:27:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:22 [zcfgsvc.exe]
ModuleName : C:\WINDOWS\system32\ZCfgSvc.exe
Command Line : ZCfgSvc.exe
ProcessID : 1992
ThreadCreationTime : 3/18/2006 6:31:41 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 53
ProductVersion : 4, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : ZeroCfgSvc.EXE
#:23 [1xconfig.exe]
ModuleName : C:\WINDOWS\system32\1XConfig.exe
Command Line : C:\WINDOWS\system32\1XConfig.exe -Embedding
ProcessID : 352
ThreadCreationTime : 3/18/2006 6:31:48 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright 2003
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)
#:24 [pronomgr.exe]
ModuleName : C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Command Line : "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
ProcessID : 2128
ThreadCreationTime : 3/18/2006 6:32:17 PM
BasePriority : Normal
FileVersion : 6.1.302.0
ProductVersion : 6.1.302.0
ProductName : Intel(R) Network Configuration Services
CompanyName : Intel(R) Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright(C) 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe
#:25 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 2192
ThreadCreationTime : 3/18/2006 6:32:19 PM
BasePriority : Normal
FileVersion : 3.0.0.2311
ProductVersion : 7.0.0.2311
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:26 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2324
ThreadCreationTime : 3/18/2006 6:32:22 PM
BasePriority : Normal
FileVersion : 103.5.1.9
ProductVersion : 103.5.1.9
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:27 [vptray.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\VPTray.exe
Command Line : "C:\PROGRA~1\SYMANT~1\VPTray.exe"
ProcessID : 2544
ThreadCreationTime : 3/18/2006 6:32:29 PM
BasePriority : Normal
FileVersion : 10.0.0.359
ProductVersion : 10.0.0.359
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.
#:28 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 2680
ThreadCreationTime : 3/18/2006 6:32:31 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:29 [cmpdpsrv.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE"
ProcessID : 2716
ThreadCreationTime : 3/18/2006 6:32:33 PM
BasePriority : Normal
FileVersion : 1.0.0.137
ProductVersion : 1.0.0.137
ProductName : Printer Driver Plus
CompanyName : Conexant Systems, Inc.
FileDescription : PDP RPC Server
InternalName : PDPserver
LegalCopyright : Copyright© Conexant Systems, Inc. 1996-2001
OriginalFilename : PDPserve.dll
#:30 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2824
ThreadCreationTime : 3/18/2006 6:32:35 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:31 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2900
ThreadCreationTime : 3/18/2006 6:32:37 PM
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe
#:32 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2960
ThreadCreationTime : 3/18/2006 6:32:40 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:33 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3152
ThreadCreationTime : 3/18/2006 6:32:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:34 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3492
ThreadCreationTime : 3/18/2006 6:32:50 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:35 [aolsoftware.exe]
ModuleName : C:\Program Files\Common Files\AOL\1133833905\ee\aolsoftware.exe
Command Line : "C:\Program Files\Common Files\AOL\1133833905\ee\aolsoftware.exe"
ProcessID : 3008
ThreadCreationTime : 3/18/2006 6:37:06 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe
#:36 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3572
ThreadCreationTime : 3/18/2006 6:45:31 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:37 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 4064
ThreadCreationTime : 3/18/2006 6:50:07 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:38 [taskmgr.exe]
ModuleName : C:\WINDOWS\system32\taskmgr.exe
Command Line : taskmgr.exe
ProcessID : 216
ThreadCreationTime : 3/18/2006 6:59:38 PM
BasePriority : High
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows TaskManager
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskmgr.exe
#:39 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" /598853 +483832
ProcessID : 3068
ThreadCreationTime : 3/18/2006 7:04:47 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@2o7[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@ads.pointroll[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@casalemedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@edge.ru4[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@fastclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@tradedoubler[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@valueclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@valueclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@z1.adserver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mondragona@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mondragona\Cookies\mondragona@zedo[2].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
12:33:26 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:39.591
Objects scanned:125223
Objects identified:15
Objects ignored:0
New critical objects:15
Would this be a problem better solved with a HijackThis logfile?