Bad Winfixer infection


#1 DavidY (New Member, 2 posts)

A friend of mine accidentally installed Winfixer, thinking that it would fix her popup problem. She has uninstalled the program, but it is still going strong. I've run Ad-Aware SE Personal, Spybot S&D, Microsoft Defender, ewido, XoftSpy 4.21, Trend Micro online scan, Kaspersky online scan, FixVundo.exe, VundoFix.exe, VirtumundoBeGone.exe (the last 3 did not find anything). BitDefender found some stuff, but only F-Secure's BlackLight Rootkit Eliminator reliably finds the spyware:

03/17/06 01:10:54 [Info]: BlackLight Engine 1.0.33 initialized
03/17/06 01:10:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/17/06 01:10:54 [Note]: 7019 4
03/17/06 01:10:54 [Note]: 7005 0
03/17/06 01:10:58 [Note]: 7006 0
03/17/06 01:10:58 [Note]: 7011 2572
03/17/06 01:10:58 [Note]: 7024 3
03/17/06 01:10:58 [Info]: Hidden process: C:\PROGRAM FILES\AMEITING\WSCPVCNO.EXE
03/17/06 01:10:58 [Note]: 7024 3
03/17/06 01:10:58 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\WUCUSBUI.EXE
03/17/06 01:10:58 [Note]: FSRAW library version 1.7.1015
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\ace.dll
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\AI_15-03-2006.log
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\AI_16-03-2006.log
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\AI_17-03-2006.log
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00004823_4419de3e_000521b3
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00000029_44191be5_0008842c
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00000029_4419de2b_000a8556
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\000018be_44191bed_0005a2cc
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\000018be_4419de46_00099606
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00002cd6_4419239b_0008a551
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00002cd6_4419deb2_0000f4f9
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00003d6c_44192397_00088ed1
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00003d6c_4419dea7_0007e5ae
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00004823_44191be5_000bb9ab
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00004ae1_44191c03_00070943
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00004ae1_4419de82_00020aa3
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00005f90_441927ce_00016634
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00005f90_4419decc_00081954
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00006784_44191c02_00081578
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00006784_4419de66_00019441
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\00006952_4419dec1_0001223b
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\000072ae_4419239f_0008e2f0
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\000072ae_4419deb8_00020170
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\dns
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\index
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\lfevpack.exe
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\WinGenerics.dll
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:15 [Info]: Hidden file: C:\PROGRAM FILES\AMEITING\WSCPVCNO.EXE
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Note]: 7003 1
03/17/06 01:11:15 [Note]: 10002 3
03/17/06 01:11:25 [Info]: Hidden file: C:\WINDOWS\system32\drivers\briiswan.sys
03/17/06 01:11:25 [Note]: 7002 0
03/17/06 01:11:25 [Note]: 7003 1
03/17/06 01:11:25 [Note]: 10002 1
03/17/06 01:11:27 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\WUCUSBUI.EXE
03/17/06 01:11:27 [Note]: 7002 0
03/17/06 01:11:27 [Note]: 7003 1
03/17/06 01:11:27 [Note]: 10002 1
03/17/06 01:18:20 [Note]: 7007 0


Logfile of HijackThis v1.99.1
Scan saved at 1:17:23 AM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Download\blbeta.exe
C:\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130944100443
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
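The security-relevant detail in the two logs above is that BlackLight reports two hidden processes (WSCPVCNO.EXE and WUCUSBUI.EXE) that do not appear anywhere in HijackThis's "Running processes" list, which is exactly the rootkit behaviour that explains why the ordinary scanners listed in the post kept missing it. The following Python script is an added example, not code from the thread or from F-Secure or HijackThis: it parses the BlackLight log format shown above, separates hidden processes from hidden files, cross-references the processes against a HijackThis process list, and groups the hidden files by directory so a responder can see the infection's footprint at a glance. The log excerpts embedded in it are trimmed copies of the lines posted above; the function and variable names are this example's own.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Trimmed excerpt of the BlackLight log posted in the thread (constructed sample input).
BLACKLIGHT_LOG = r"""
03/17/06 01:10:54 [Info]: BlackLight Engine 1.0.33 initialized
03/17/06 01:10:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/17/06 01:10:58 [Note]: 7024 3
03/17/06 01:10:58 [Info]: Hidden process: C:\PROGRAM FILES\AMEITING\WSCPVCNO.EXE
03/17/06 01:10:58 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\WUCUSBUI.EXE
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\ace.dll
03/17/06 01:11:15 [Note]: 7002 0
03/17/06 01:11:15 [Info]: Hidden file: C:\Program Files\Ameiting\Cache\index
03/17/06 01:11:15 [Info]: Hidden file: C:\PROGRAM FILES\AMEITING\WSCPVCNO.EXE
03/17/06 01:11:25 [Info]: Hidden file: C:\WINDOWS\system32\drivers\briiswan.sys
03/17/06 01:11:27 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\WUCUSBUI.EXE
03/17/06 01:18:20 [Note]: 7007 0
"""

# Trimmed excerpt of the "Running processes" section of the HijackThis log above.
HIJACKTHIS_RUNNING = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\Explorer.EXE
C:\Download\blbeta.exe
C:\Hijack This\hijackthis.exe
"""

# One BlackLight line: "MM/DD/YY HH:MM:SS [Level]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\]: (?P<msg>.*)$"
)
# The messages we care about: "Hidden process: PATH" and "Hidden file: PATH"
HIDDEN_RE = re.compile(r"^Hidden (?P<kind>process|file): (?P<path>.+)$")


def norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them in one case."""
    return path.strip().lower()


def parse_blacklight(text: str) -> Dict[str, List[str]]:
    """Return {'process': [...], 'file': [...]} of paths BlackLight flagged as hidden."""
    found: Dict[str, List[str]] = {"process": [], "file": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines or anything not in the log format
        h = HIDDEN_RE.match(m.group("msg"))
        if h:
            found[h.group("kind")].append(h.group("path"))
    return found


def parse_running(text: str) -> List[str]:
    """One process path per non-empty line, as HijackThis prints them."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def unlisted_hidden_processes(found: Dict[str, List[str]], running: List[str]) -> List[str]:
    """Hidden processes that the user-mode tool (HijackThis) could not see at all."""
    visible = {norm(p) for p in running}
    return [p for p in found["process"] if norm(p) not in visible]


def group_by_directory(paths: List[str]) -> Dict[str, List[str]]:
    """Map normalised directory -> file names, to show where the hidden files cluster."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for p in paths:
        directory, _, name = norm(p).rpartition("\\")
        groups[directory].append(name)
    return dict(groups)


def triage(blacklight_text: str, hijackthis_text: str) -> Dict[str, object]:
    """Combine both logs into a small triage summary."""
    found = parse_blacklight(blacklight_text)
    running = parse_running(hijackthis_text)
    return {
        "hidden_processes": found["process"],
        "hidden_files": found["file"],
        "processes_missing_from_hjt": unlisted_hidden_processes(found, running),
        "files_by_dir": group_by_directory(found["file"]),
    }


if __name__ == "__main__":
    summary = triage(BLACKLIGHT_LOG, HIJACKTHIS_RUNNING)
    for proc in summary["processes_missing_from_hjt"]:
        print(f"hidden process not visible to HijackThis: {proc}")
    for directory, names in summary["files_by_dir"].items():
        print(f"{directory}: {', '.join(sorted(names))}")
```

On the excerpt above, both hidden processes come back as missing from the HijackThis list, and the hidden files fall into four directories, with the Ameiting folder holding most of them; the `[Note]` lines with numeric codes are skipped because their meaning is not documented in the log itself.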
#2 DavidY (Topic Starter)

Fixed the problem. Ran AproposFix in Safe Mode and it deleted the bad stuff. BlackLight found nothing.