Beware Winfixer

min0 lee · Sep 2, 2005

Bastards

Spyware Information: WinFixer
This is an adware application. Adware runs silently on your computer, popping up ads when you're surfing the Internet (and sometimes even when you're offline). It's sometimes hard to recognize that you have an adware application on your computer because its popups look just like regular popups from web pages.

If you have a popup blocker on your computer, and you're still seeing popups, the problem very well may be this adware application. Some adware applications watch which web sites you visit and send this information back to advertisers.

Size: 2,234,435 bytes
Threat level: Medium (more info...)
Detections: 856 this month: 18
Author: Aurora
Appeared: 7/25/2005
Research
Method of infection: WinFixer is usually installed by pop up ads displayed by other spyware. The ad is usually a Windows dialog box prompting to install WinFixer. It will inform the user that they have critical system problems and should download WinFixer immediatley. Even if the user selects the do not install option or closes the dialog, WinFixer will install anyways.
Advertising: Yes, once installed WinFixer will alert the user that they have many critical errors on their machine. It will then inform the user that they must register WinFixer immediatley to fix these problems.
Privacy issues: WinFixer may collect personally identifiable information and share that information with its affiliates. It may also gather information about the user's computer and could possibly report that back to its controllin servers.
Privacy policy: WinFixer Privacy Policy
Security issues: WinFixer will automatically install itself without permission, it may also allow for other unsigned executable code to be run without user permission.
Stability issues: WinFixer runs as a background process and installs files into the sytem directory. Because it runs as a background process and nests itself into the operating system it may cause stability problems.

min0 lee · Sep 2, 2005

Any fix.This shit laughs at spybot and adaware

GFR · Sep 2, 2005

Untill the Government starts making and enforcing laws to stop these scum ( big business) we are forced to deal with it.
And they never will try to stop them......

buildingup · Sep 2, 2005

my winfixer itches!

jkhnwspec · Sep 2, 2005

Have a look below.

http://castlecops.com/t130077-WINFIXER.html

See if any of it helps.

min0 lee · Sep 2, 2005

Thanks, I heard hijack this is also good.

min0 lee · Sep 2, 2005

My stupid spouseand its porn, pisses me off

tucker01 · Sep 2, 2005

min0 lee said:
My stupid spouseand its porn, pisses me off

Haha now that is funny

min0 lee · Sep 2, 2005

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:49:15 PM, 8/13/2005
+ Report-Checksum: 89BECFC

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{90CCDCB0-C9E5-4DC0-B791-A1111D37AF9D} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{967B8A74-4063-49AB-95D4-E3D25308EC66} -> Spyware.iLookup : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D898C55-74CC-4B7C-B5F1-45913F368388} -> Spyware.AdKiller : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-397021619-357790936-6498272-18585\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\auhs.exe.q_8D2601_q -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\auhs.exe.q_8D2601_q.old -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\AUNPS2.DLL.q_8046000_q -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\jojjoo.exe.q_804F200_q -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\pokapoka62.exe.q_404D201_q -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@buycom.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@cz4.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfk4gjcpibp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfk4kidzkdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfk4oodzglp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfk4uhczwdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfk4undjsgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfkicidzogp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfkikhdjelp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfkocoazwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfkyamazwgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfkyekd5wfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfl4ejdjmfo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfl4ggczego.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfl4omcjeco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfloehczgdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfloeld5mfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfloonajskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wflosgcpkdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wfmiohajokp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjk4sjczsbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjk4smdzihp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjk4ukazebo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjkyoicjilo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjkyopczsco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjkyujcjieo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjl4chdpeap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjliahcjmkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlieoazgko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjligjd5ibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlikgdpgbq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlikpcpkkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlioidpcko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjliokc5oeq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjliskcjmkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjloclajmhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjloclczago.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjloeiczcgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlokocpaeq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjloogazwbo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlyajcjkfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlychajcgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlychczghp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlycndjelo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlycpdjidp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlyuhdpsap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjlywiazwkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjmiaocpsko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjmicicjkdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjmiemczkdq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjmyqocpglo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjmysjdpako.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjmywgd5eeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjny-1jdzsc.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjny-1ndpcb.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjny-1sd5md.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnyahdzmlq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnyandzcdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnychdzadp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnycicjohp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnyeocpofp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnygkd5edo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnyonc5abo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnysnc5wap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnyuhdzsfo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnywjc5aep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@e-2dj6wjnywncpclp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@ppms.popularix[2].txt -> Spyware.Cookie.Popularix : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@sec1.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@trls.valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\joim\Cookies\joim@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\joim\cxtpls_loader.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/abi2edxx.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/cfsbrkr.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/erpsrv.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/mc4sdmod.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/PK171Pin.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/PWIKey.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/sfsvcs.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/uceg.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\Desktop\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\joim\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\joim\InstallAPS.exe -> TrojanDropper.Agent.lu : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\29MB0PER\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\29MB0PER\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\29MB0PER\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\29MB0PER\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\29MB0PER\AppWrap[5].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\29MB0PER\AutoUpdaterInstaller[2].exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\90BY7VDZ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\90BY7VDZ\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\90BY7VDZ\recinst[1].exe -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\CTIFS9AB\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\DDK6SVHB\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\DDK6SVHB\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\G1IR89AZ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\G1IR89AZ\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\G1IR89AZ\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\G1IR89AZ\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\G1IR89AZ\AppWrap[6].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\QPG7ADAT\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\WT6V0XYF\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\Local Settings\Temporary Internet Files\Content.IE5\WT6V0XYF\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\joim\SSK39.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\Documents and Settings\joim\thin-175-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\joim\VB3.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0H0R0TKL\!update-2264[1].0000 -> Spyware.MediaTickets : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4HQB8XE3\!update-2224[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4HQB8XE3\!update-2244[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4HQB8XE3\!update-2274[1].0000 -> Spyware.MediaTickets : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GT6J8XYB\!update-2214[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GT6J8XYB\!update-2234[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MJE5A1A7\!update-2254[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Program Files\uoer\auhs.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Temp\!update.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Temp\180SAAX.cab/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Temp\AutoUpdate1\AutoUpdate.exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\Temp\AutoUpdate1\auto_update_install.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Temp\AutoUpdate1\auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Temp\clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Temp\Cookies\joim@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Temp\Cookies\joim@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Temp\Cookies\joim@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Temp\Cookies\joim@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Temp\Cookies\joim@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Temp\Cookies\joim@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Temp\Cookies\joim@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Temp\Cookies\joim@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Temp\Cookies\joim@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Temp\Cookies\joim@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Temp\Cookies\joim@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Temp\Cookies\joim@buycom.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Temp\Cookies\joim@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Temp\Cookies\joim@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Temp\Cookies\joim@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Temp\Cookies\joim@e-2dj6wfl4qmajolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Temp\Cookies\joim@e-2dj6wfligiczgfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Temp\Cookies\joim@e-2dj6wjkysmc5aap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Temp\Cookies\joim@e-2dj6wjl4gmdpahp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Temp\Cookies\joim@e-2dj6wjliajdpkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Temp\Cookies\joim@e-2dj6wjnywjc5aep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Temp\Cookies\joim@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Temp\Cookies\joim@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Temp\Cookies\joim@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Temp\Cookies\joim@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Temp\Cookies\joim@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Temp\Cookies\joim@popunder.paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Temp\Cookies\joim@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Temp\Cookies\joim@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Temp\Cookies\joim@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Temp\Cookies\joim@sel.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Temp\Cookies\joim@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Temp\Cookies\joim@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Temp\Cookies\joim@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Temp\Cookies\joim@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Temp\Cookies\joim@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Temp\Cookies\joim@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Temp\Cookies\joim@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Temp\Cookies\joim@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Temp\Cookies\joim@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Temp\Del9C.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Temp\f194830.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\Temp\res9D.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Temp\Temporary Internet Files\Content.IE5\0LMF4D63\pcs_0026[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Temp\tp7543.exe -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\ggtesvc.exe -> TrojanDropper.Agent.mu : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\pifquoui.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\WINDOWS\system32\qassta.exe -> Spyware.Apropos : Cleaned with backup
C:\WINDOWS\system32\rcskcc.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\rcskcf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\thin-94-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\υѕerinit.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\ѕсanregw.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\visfxun.exe -> TrojanDownloader.VB.kd : Cleaned with backup

::Report End

HJTLOG:

Logfile of HijackThis v1.99.1
Scan saved at 1:57:32 PM, on 8/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ntnn.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Crazy Browser\Crazy Browser.exe
C:\hijackthis[1]\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jojjoo.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Temp\Rar$EX00.982\CWShredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

min0 lee · Sep 2, 2005

That's not mine, it's from a member from that site. Too much for me.

Eggs · Sep 2, 2005

Damn, that adware got owned. Hows it running now?

Eggs · Sep 2, 2005

Oh, heh... thought that was all yours.

Mudge · Sep 2, 2005

I told my browsers not to allow sites to install jack shit anymore. Spyware is a HUGE ass problem now.

min0 lee · Sep 2, 2005

Just that one keeps popping up, i'll get it sooner or later.

min0 lee · Sep 2, 2005

Big time, spyware slows down computers to a halt.

I wish I knew what thrill they get from that crap.

GFR · Sep 2, 2005

min0 lee said:
Big time, spyware slows down computers to a halt.

I wish I knew what thrill they get from that crap.

If I ever find them I will beat them to death and eat their hearts....

Thought that might cheer you up

......and I'm not kidding.

min0 lee · Sep 2, 2005

min0 lee · Sep 2, 2005

min0 lee said:
:d

Oh my god! It's worse than I thought, they are messing with my smilies.

jkhnwspec · Sep 2, 2005

Another site to have a look at. You may need to join before you can search for Winfixer.

http://forums.spywareinfo.com/index.php?

They should be able to help you out.

min0 lee · Sep 2, 2005

Thanks, that sites pretty good.

Beware Winfixer

min0 lee

Senior Member

min0 lee

Senior Member

GFR

buildingup

jkhnwspec

Registered User

min0 lee

Senior Member

min0 lee

Senior Member

tucker01

Senior Member

min0 lee

Senior Member

min0 lee

Senior Member

Eggs

Senior Member

Eggs

Senior Member

Mudge

Senior Member

min0 lee

Senior Member

min0 lee

Senior Member

GFR

min0 lee

Senior Member

min0 lee

Senior Member

jkhnwspec

Registered User

min0 lee

Senior Member