
Hijack log posted: Installed Winzix (uninstalled now) but left with adware!

Discussion in 'Virus & Other Malware Removal' started by gurge, Apr 27, 2007.

Thread Status:
Not open for further replies.
  1. gurge

    gurge Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    5
    Hi everyone! Hope I can get some help here :) I made the silly mistake of installing this program called winzix to extract a file, only to find out that this format of file is bogus, and upon searching I realised I installed a trojan. I uninstalled the program already (by conventional means) and now I have ads on every random page; in the title it always starts with 'Cid'. I tried to use the double inverted commas key, and it seems I keep getting '@'s instead now, and when I try to key @s I get "s. Not sure if it's the work of the virus (but I'm sure it is, because this problem JUST popped up), sigh. I hope I can get some help, and I am not very tech savvy, so I hope I can get help with simple instructions! :) Posted is my Hijack log! Thank you so much for any help! I really appreciate it!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:25:33 PM, on 4/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SMU-VPN\cvpnd.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
    C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\weiling.neo.2003\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smu.edu.sg/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UploadNewBagsObj] C:\Documents and Settings\All Users\Application Data\tray fork upload new\Bolttwo.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BookDate] C:\DOCUME~1\WEILIN~1.200\APPLIC~1\WEBREG~1\typeshimerror.exe
    O4 - Global Startup: SMU VPN Client.lnk = C:\Program Files\SMU-VPN\ipsecdialer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CD259AEC-23E6-4E64-8138-7E28D56666D7} (SQFViewer10X Element) - http://www.natuerlich-birkenstock.de/v1/SQFViewer10.ocx
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = student.smu.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SMU-VPN\cvpnd.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
     

  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    106,204
    Hi and welcome to TSG,

    Download and unzip the following to a new folder:
    http://metallica.geekstogo.com/findlop.zip

    Inside the folder locate findlop.bat

    Double click it and it will create the file C:\findlop.txt
    Find that file and copy and paste the contents into your next post.


    Also, copy the lines below into Notepad and save it as direxie.bat
    Set File type to "All files"


    :: Go to the root of C:, then list each folder with /x so the 8.3 short
    :: names (e.g. WEBREG~1) are shown next to the long folder names. That is
    :: how the short paths in the HijackThis log can be matched to real folders.
    cd\
    cd C:\Documents and Settings\%UserName%\Application Data
    dir /x > C:\directory.txt
    cd C:\Documents and Settings\All Users\Application Data
    dir /x >> C:\directory.txt
    cd C:\Program Files
    dir /x >> C:\directory.txt
    :: Open the combined listing so it can be copied into a reply.
    start notepad C:\directory.txt



    Start the file by double clicking direxie.bat
    That will open a file called directory.txt. Post the content of that file.
     
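The directory listings requested above are a manual way of answering one question about the log in the first post: which autorun (O4) entries launch something from a folder that installers do not normally use? The following Python script is an added example for this thread, not part of HijackThis, findlop or direxie. It parses O4 lines in HijackThis 1.99 format, pulls out the launched file (quoted paths, unquoted paths with spaces, bare file names and rundll32 DLL arguments) and rates each entry by where that file lives. The sample lines are a subset copied from the posted log; the location rules (TRUSTED_ROOTS, PROFILE_ROOTS), the verdict names and the Finding type are my own assumptions, so an entry rated SUSPICIOUS is a lead to verify against the dir /x output, not a confirmed infection.

```python
"""Triage of HijackThis "O4" autorun entries by the location of the launched file.

Added example for this thread, not part of HijackThis or of the findlop/direxie
scripts. SAMPLE_LOG is a constructed subset of the O4 lines from the posted log;
TRUSTED_ROOTS and PROFILE_ROOTS are assumed Windows XP defaults on drive C.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: O4 lines copied from the log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UploadNewBagsObj] C:\Documents and Settings\All Users\Application Data\tray fork upload new\Bolttwo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BookDate] C:\DOCUME~1\WEILIN~1.200\APPLIC~1\WEBREG~1\typeshimerror.exe
O4 - Global Startup: SMU VPN Client.lnk = C:\Program Files\SMU-VPN\ipsecdialer.exe
"""

# Registry Run values and Startup-folder shortcuts, as HijackThis 1.99 prints them.
RUN_KEY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
STARTUP = re.compile(r"^O4 - Global Startup: (.+?) = (.+)$")
# Optional opening quote, then the shortest prefix ending in an executable
# extension that is followed by a quote, whitespace, a comma or end of line.
TARGET = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|scr|pif|cpl))(?=["\s,]|$)', re.I)
RUNDLL = re.compile(r"^rundll32(?:\.exe)?\s+", re.I)

# Assumed location rules: system and program folders vs. user-profile folders.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")


@dataclass
class Finding:
    source: str   # HKLM, HKCU or Startup
    name: str     # registry value name or .lnk file name
    target: str   # file the entry launches (or the raw command if unknown)
    verdict: str  # OK, REVIEW or SUSPICIOUS
    reason: str


def extract_target(command: str) -> Optional[str]:
    """Return the launched file from a Run value; strips a leading rundll32
    so the DLL it loads is treated as the real target."""
    command = RUNDLL.sub("", command.strip())
    m = TARGET.match(command)
    return m.group(1) if m else None


def classify(target: str) -> Tuple[str, str]:
    """Rate a target purely by its location; no file hashing or signature check."""
    t = target.lower()
    if "\\" not in t:
        return "REVIEW", "bare file name, resolved through the PATH search order at logon"
    if t.startswith(PROFILE_ROOTS):
        return "SUSPICIOUS", "autorun launched from a user profile / Application Data folder"
    if t.startswith(TRUSTED_ROOTS):
        return "OK", "lives under Windows or Program Files"
    return "REVIEW", "unexpected location"


def parse_o4(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (source, name, command) for an O4 line, None for any other line."""
    m = RUN_KEY.match(line)
    if m:
        return m.group(1), m.group(2), m.group(3)
    m = STARTUP.match(line)
    if m:
        return "Startup", m.group(1), m.group(2)
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and rate every O4 entry, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if not parsed:
            continue
        source, name, command = parsed
        target = extract_target(command)
        if target is None:
            findings.append(Finding(source, name, command, "REVIEW", "could not identify launched file"))
            continue
        verdict, reason = classify(target)
        findings.append(Finding(source, name, target, verdict, reason))
    return findings


def flagged_names(log_text: str) -> List[str]:
    """Entry names that need a closer look (anything not rated OK)."""
    return [f.name for f in triage(log_text) if f.verdict != "OK"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:10} {f.source:7} [{f.name}] {f.target}  ({f.reason})")
```

Run against the sample, the two entries rated SUSPICIOUS are UploadNewBagsObj (Bolttwo.exe under All Users\Application Data) and BookDate (typeshimerror.exe under the user's Application Data, shown only as 8.3 short names), which is exactly why the dir /x listing matters: it is the only way to see which long folder names those short names stand for. AGRSMMSG is rated REVIEW because a bare file name is found through the PATH search order rather than a fixed location; that is a common pattern for legitimate modem drivers, but worth confirming.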
  4. gurge

    gurge Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    5
    Hi! Thanks for your reply! I did take some measures listed on another site (just removing the CiD program from Control Panel etc.) and the popups stopped, but I'm not sure if I'm clean yet; I could still be transmitting info to them, right? Anyway, I followed your instructions and here is the txt file copied:

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'BMMTask.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE'
    Parameters: ''
    WorkingDirectory: 'C:\PROGRA~1\ThinkPad\UTILIT~1'
    Comment: ''
    Creator: 'Administrator'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 5
    IdleDeadline: 990
    MostRecentRun: 00/00/0000 0:00:00
    NextRun: 00/00/0000 0:00:00
    StartError: SCHED_S_TASK_HAS_NOT_RUN
    ExitCode: 0
    Status: SCHED_S_TASK_DISABLED
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 1
    StartOnlyIfIdle = 1
    KillOnIdleEnd = 1
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 0
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    42 Triggers

    Trigger 0:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 1:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 2:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 3:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 4:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 5:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 6:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 7:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 8:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 9:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 10:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 11:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 12:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 13:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 14:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 15:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 16:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 17:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 18:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 19:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 20:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 21:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 22:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 23:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 24:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 25:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 26:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 27:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 28:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 29:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 30:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 31:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 32:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 33:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 34:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 35:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 36:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 37:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 38:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 39:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 40:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    Trigger 41:
    Type: OnIdle
    StartDate: 01/01/1999
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'AppleSoftwareUpdate.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
    Parameters: '-Task'
    WorkingDirectory: ''
    Comment: ''
    Creator: 'SYSTEM'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 04/27/2007 16:59:00
    NextRun: 05/04/2007 16:59:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 0
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Weekly
    WeeksInterval: 1
    DaysOfTheWeek: .....F.
    StartDate: 03/14/2007
    EndDate: 00/00/0000
    StartTime: 16:59
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

    and direxie.bat:

    Volume in drive C has no label.
    Volume Serial Number is 9806-6D38

    Directory of C:\Documents and Settings\weiling.neo.2003\Application Data

    06/09/2004 05:38 PM <DIR> .
    06/09/2004 05:38 PM <DIR> ..
    05/02/2002 03:04 PM <DIR> IDENTI~1 Identities
    05/02/2002 03:19 PM <DIR> REAL Real
    05/02/2002 03:24 PM <DIR> MICROS~2 Microsoft Web Folders
    05/02/2002 03:44 PM <DIR> ADOBE Adobe
    06/21/2002 04:07 PM <DIR> DRAG'N~1 Drag'n Drop CD
    05/08/2003 10:14 AM <DIR> HELP Help
    08/11/2003 04:45 PM <DIR> ADOBEUM AdobeUM
    05/08/2003 10:24 AM 0 dm.ini
    06/10/2004 12:51 AM <DIR> ICQ
    06/10/2004 01:05 AM <DIR> 3M
    06/12/2004 04:56 PM <DIR> MACROM~1 Macromedia
    04/20/2007 12:28 AM 124,120 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
    06/28/2004 06:44 PM <DIR> SUN Sun
    06/29/2004 11:25 PM <DIR> LEADER~1 Leadertech
    06/29/2004 11:25 PM <DIR> SONIC Sonic
    08/30/2004 04:59 PM <DIR> RATIONAL Rational
    09/09/2004 04:17 PM <DIR> DOWNLO~1 Download Manager
    11/07/2004 12:54 PM <DIR> MOZILLA Mozilla
    11/07/2004 12:54 PM <DIR> TALKBACK Talkback
    02/23/2005 11:22 AM <DIR> LAVASOFT Lavasoft
    02/28/2005 09:29 PM <DIR> APPLEC~1 Apple Computer
    03/06/2005 01:53 AM <DIR> SKYPE Skype
    04/27/2005 04:18 PM <DIR> KEYSAFE KeySafe
    07/30/2005 06:58 PM <DIR> vlc
    08/08/2005 12:57 PM <DIR> GOOGLE Google
    06/03/2006 12:23 PM <DIR> UTORRENT uTorrent
    06/04/2006 04:40 PM <DIR> last.fm
    07/25/2006 11:45 AM <DIR> PLAYFI~1 PlayFirst
    08/05/2006 04:58 PM <DIR> dvdcss
    09/14/2006 09:40 AM <DIR> GLOBAL~1 GlobalSCAPE
    11/08/2006 10:57 AM <DIR> ZEON Zeon
    11/24/2006 06:35 PM <DIR> TELECA Teleca
    11/24/2006 06:35 PM <DIR> SONYER~1 Sony Ericsson
    01/06/2007 06:54 PM <DIR> SECOND~1 SecondLife
    01/06/2007 11:19 PM <DIR> ADOBEAUM AdobeAUM
    03/27/2007 01:37 PM <DIR> U3
    04/28/2007 12:05 AM <DIR> AVG7
    2 File(s) 124,120 bytes
    37 Dir(s) 1,287,061,504 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 9806-6D38

    Directory of C:\Documents and Settings\All Users\Application Data

    05/02/2002 02:21 PM <DIR> .
    05/02/2002 02:21 PM <DIR> ..
    05/02/2002 03:17 PM <DIR> QUICKT~1 QuickTime
    05/15/2002 07:25 PM <DIR> SYMANTEC Symantec
    06/10/2004 12:46 AM <DIR> SPYBOT~1 Spybot - Search & Destroy
    08/30/2004 04:53 PM <DIR> MICROS~2 Microsoft Help
    09/01/2004 09:10 PM <DIR> TRYMEDIA Trymedia
    12/20/2004 01:38 PM <DIR> MACROV~1 Macrovision
    02/28/2005 09:29 PM <DIR> APPLEC~1 Apple Computer
    03/06/2005 01:53 AM <DIR> SKYPE Skype
    07/20/2005 11:38 PM <DIR> DVX
    09/28/2005 08:20 AM <DIR> IBM
    12/29/2005 12:13 AM <DIR> WINDOW~1 Windows Genuine Advantage
    02/04/2006 08:13 PM <DIR> POPCAP PopCap
    03/23/2007 12:02 AM 2,901 QTSBAN~1 QTSBandwidthCache
    07/15/2006 09:00 PM <DIR> MUMBOJ~1 MumboJumbo
    07/25/2006 11:45 AM <DIR> PLAYFI~1 PlayFirst
    10/18/2006 10:11 PM <DIR> GOOGLE Google
    11/08/2006 10:51 AM <DIR> ZEON Zeon
    12/04/2006 08:23 AM <DIR> ADOBE Adobe
    01/06/2007 11:06 PM <DIR> TELECA Teleca
    01/06/2007 11:06 PM <DIR> SONYER~1 Sony Ericsson
    04/27/2007 11:58 PM <DIR> avg7
    04/27/2007 11:58 PM <DIR> GRISOFT Grisoft
    1 File(s) 2,901 bytes
    23 Dir(s) 1,287,061,504 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 9806-6D38

    Directory of C:\Program Files

    05/02/2002 02:22 PM <DIR> .
    05/02/2002 02:22 PM <DIR> ..
    05/02/2002 02:22 PM <DIR> COMMON~1 Common Files
    05/02/2002 02:39 PM <DIR> WINDOW~1 Windows NT
    05/02/2002 02:40 PM <DIR> MSNGAM~1 MSN Gaming Zone
    05/02/2002 02:40 PM <DIR> MESSEN~1 Messenger
    05/02/2002 02:40 PM <DIR> ONLINE~1 Online Services
    05/02/2002 02:40 PM <DIR> COMPLU~1 ComPlus Applications
    05/02/2002 02:42 PM <DIR> INTERN~1 Internet Explorer
    05/02/2002 02:42 PM <DIR> OUTLOO~1 Outlook Express
    05/02/2002 02:42 PM <DIR> NETMEE~1 NetMeeting
    05/02/2002 02:42 PM <DIR> WINDOW~3 Windows Media Player
    05/02/2002 02:43 PM <DIR> MOVIEM~1 Movie Maker
    05/02/2002 02:48 PM <DIR> MICROS~1 microsoft frontpage
    05/02/2002 02:48 PM <DIR> xerox
    05/02/2002 03:17 PM <DIR> WINZIP WinZip
    05/02/2002 03:19 PM <DIR> REAL Real
    05/02/2002 03:24 PM <DIR> MICROS~2 Microsoft Office
    05/02/2002 03:32 PM <DIR> MICROS~3 Microsoft Visual Studio
    05/02/2002 03:33 PM <DIR> MICROS~4 Microsoft ActiveSync
    05/02/2002 04:05 PM <DIR> EUROTOOL EuroTool
    05/02/2002 04:12 PM <DIR> OFFICE~1 OfficeUpdate
    05/03/2002 11:59 AM <DIR> INTEL Intel
    05/06/2002 06:51 PM <DIR> MAGICKEY MagicKey
    05/15/2002 07:25 PM <DIR> SYMANTEC Symantec
    12/30/2002 10:10 AM <DIR> WINDOW~4 Windows Journal Viewer
    05/08/2003 10:25 AM <DIR> ADOBE Adobe
    04/27/2007 11:58 PM <DIR> GRISOFT Grisoft
    05/08/2003 03:33 PM <DIR> VVIEWER VViewer
    05/09/2003 08:39 AM <DIR> CISCOS~1 Cisco Systems
    05/16/2003 05:04 PM <DIR> SMU-VPN
    07/07/2003 09:56 AM <DIR> SYNAPT~1 Synaptics
    06/09/2004 05:30 PM <DIR> THINKPAD ThinkPad
    06/09/2004 05:33 PM <DIR> ltmoh
    06/09/2004 05:35 PM <DIR> IBMREC~1 IBM RecordNow!
    06/09/2004 05:36 PM <DIR> ATITEC~1 ATI Technologies
    06/10/2004 12:41 AM <DIR> WINAMP Winamp
    06/10/2004 12:46 AM <DIR> LAVASOFT Lavasoft
    06/10/2004 12:46 AM <DIR> SPYBOT~1 Spybot - Search & Destroy
    06/10/2004 12:48 AM <DIR> GOOGLE Google
    06/10/2004 12:50 AM <DIR> ICQ
    06/10/2004 12:50 AM 456 INSTALL.LOG
    06/10/2004 01:04 AM <DIR> EPSON
    06/10/2004 01:04 AM <DIR> 3M
    06/10/2004 11:55 AM <DIR> MIRC mIRC
    06/10/2004 12:38 PM <DIR> WS_FTP
    06/10/2004 01:40 PM <DIR> SENDFILE SendFile
    06/10/2004 04:09 PM <DIR> MPEGWA~1 MpegWare CD Ripper
    06/23/2004 02:52 PM <DIR> K-LITE~1 K-Lite Codec Pack
    06/23/2004 02:55 PM <DIR> DIVX DivX
    06/24/2004 01:00 PM <DIR> CANON Canon
    06/28/2004 04:56 PM <DIR> CA
    06/28/2004 05:21 PM <DIR> MI6841~1 Microsoft SQL Server
    06/28/2004 06:43 PM <DIR> JAVA Java
    08/16/2004 04:12 PM <DIR> SNES9X Snes9x
    08/30/2004 04:30 PM <DIR> RATION~1 Rational XDE Developer Plus Java Platform Edition
    08/30/2004 04:53 PM <DIR> RATIONAL Rational
    09/01/2004 09:10 PM <DIR> POPCAP~1 PopCap Games
    09/09/2004 04:32 PM <DIR> WINPCAP WinPcap
    10/01/2004 08:17 AM <DIR> AUDACITY Audacity
    10/30/2004 01:11 PM <DIR> INTERA~1 InterActual
    11/07/2004 12:54 PM <DIR> MOZILL~1 Mozilla Firefox
    12/20/2004 01:35 PM <DIR> MACROM~1 Macromedia
    01/31/2005 09:32 AM <DIR> DRUGLO~1 Drug Lord 2
    02/06/2005 12:37 AM <DIR> MSNMES~1 MSN Messenger
    02/28/2005 09:28 PM <DIR> IPOD iPod
    03/06/2005 01:53 AM <DIR> SKYPE Skype
    04/21/2005 05:38 PM <DIR> TRYMEDIA TryMedia
    06/16/2005 11:51 PM <DIR> EXTRAC~1 ExtractNow
    07/20/2005 10:15 PM <DIR> DVDDEC~1 DVD Decrypter
    07/20/2005 10:55 PM <DIR> DVX
    07/30/2005 06:27 PM <DIR> VIDEOLAN VideoLAN
    09/05/2005 04:44 PM <DIR> INFOSY~1 Infosys Technologies Ltd
    10/22/2005 03:35 PM <DIR> MI572C~1 Microsoft GIF Animator
    03/30/2006 11:47 PM <DIR> ITUNES iTunes
    03/30/2006 11:48 PM <DIR> QUICKT~1 QuickTime
    06/04/2006 04:40 PM <DIR> LAST~1.FMP Last.fm Player
    07/10/2006 11:08 AM <DIR> PICASA2 Picasa2
    07/25/2006 01:04 PM <DIR> GAMEHO~1 GameHouse
    08/05/2006 01:52 PM <DIR> AHEAD Ahead
    08/30/2006 04:26 PM <DIR> NCS
    08/30/2006 04:27 PM <DIR> NECVIE~1 NEC Viewtechnology, Ltd_NCS
    08/30/2006 05:14 PM <DIR> VIM Vim
    09/14/2006 09:39 AM <DIR> GLOBAL~1 GlobalSCAPE
    09/15/2006 11:41 AM <DIR> JUDE-C~1 JUDE-Community
    09/25/2006 01:37 AM <DIR> FLVPLA~1 FLVPlayer
    10/21/2006 01:12 AM <DIR> BLUETACK Bluetack
    11/08/2006 10:57 AM <DIR> NITROP~1 Nitro PDF
    11/24/2006 06:27 PM <DIR> DISC2P~1 Disc2Phone
    11/26/2006 09:58 AM <DIR> MSXML4~1.0 MSXML 4.0
    01/01/2007 10:44 PM <DIR> AVISYN~1.5 AviSynth 2.5
    01/06/2007 06:54 PM <DIR> SECOND~1 SecondLife
    01/06/2007 11:06 PM <DIR> SONYER~1 Sony Ericsson
    01/22/2007 10:52 PM <DIR> PEERGU~1 PeerGuardian2
    02/23/2007 10:36 AM <DIR> CAMSTU~1 CamStudio
    03/10/2007 12:20 AM <DIR> BCLTEC~1 BCL Technologies
    03/14/2007 10:58 PM <DIR> APPLES~1 Apple Software Update
    04/19/2007 05:01 PM <DIR> SPSS
    04/23/2007 01:13 PM <DIR> SC
    1 File(s) 456 bytes
    98 Dir(s) 1,287,061,504 bytes free

    Thanks! Do tell me if there's anything out of the ordinary (other bad programs not from Winzix). I really appreciate the help! :)
     
  5. gurge

    gurge Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    5
    Oops, sorry! Seems to have double posted!
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    106,204
    Please post a new HijackThis log.
     
  7. gurge

    gurge Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    5
    Logfile of HijackThis v1.99.1
    Scan saved at 8:55:26 PM, on 4/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SMU-VPN\cvpnd.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
    C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Documents and Settings\weiling.neo.2003\Desktop\utorrent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\weiling.neo.2003\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smu.edu.sg/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: SMU VPN Client.lnk = C:\Program Files\SMU-VPN\ipsecdialer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CD259AEC-23E6-4E64-8138-7E28D56666D7} (SQFViewer10X Element) - http://www.natuerlich-birkenstock.de/v1/SQFViewer10.ocx
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = student.smu.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SMU-VPN\cvpnd.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    Sorry about that! Thanks! I get ads, but not CiD ones, but it could have come up only when I visit Blogspot :\ so I'm not very sure...
     
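As an added example (not part of the thread, and not a tool the helpers use), here is a small Python triage script for the HijackThis v1.99 line format posted above: it parses the O-section lines and flags the entries a helper usually checks first: orphaned "(file missing)" registrations, O23 services with no publisher string, O16 ActiveX downloads from hosts outside a small known list, and O4 autoruns pointing into a user profile or Temp folder. The sample log lines, the host allowlist and the names in them are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in HijackThis v1.99 format (not the poster's log).
SAMPLE_LOG = """\
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [Updater] C:\\Program Files\\Example\\updater.exe /background
O4 - HKCU\\..\\Run: [svchost] C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Viewer Element) - http://example.invalid/v1/Viewer.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\\WINDOWS\\system32\\examplesvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

# "O4 - HKLM\..\Run: [...]" / "R0 - HKCU\..." : section code, dash, body
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
USER_PROFILE_RE = re.compile(r"\\Documents and Settings\\|\\Temp\\", re.I)

# Hosts this (constructed) allowlist treats as expected sources of O16 downloads.
KNOWN_DPF_HOSTS = {"messenger.zone.msn.com", "messenger.msn.com", "acs.pandasoftware.com"}


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse(log_text):
    """Return one Entry per O/R line; process lists and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage_log(log_text):
    """Return [(section, flags, body)] for entries worth a closer look."""
    flagged = []
    for e in parse(log_text):
        if "(file missing)" in e.body:
            e.flags.append("file-missing")        # registration left behind after an uninstall
        if e.section == "O23" and "Unknown owner" in e.body:
            e.flags.append("unknown-owner")       # no publisher string: verify the binary on disk
        if e.section == "O16":
            host = URL_HOST_RE.search(e.body)
            if host and host.group(1).lower() not in KNOWN_DPF_HOSTS:
                e.flags.append("dpf-unfamiliar-host")  # ActiveX pulled from an unlisted site
        if e.section == "O4" and USER_PROFILE_RE.search(e.body):
            e.flags.append("autorun-from-user-profile")  # autoruns rarely live in Temp/profile
        if e.flags:
            flagged.append((e.section, e.flags, e.body))
    return flagged


if __name__ == "__main__":
    for section, flags, body in triage_log(SAMPLE_LOG):
        print(f"{section} [{', '.join(flags)}] {body}")
```

Flags are prompts for a manual check of the CLSID, publisher or file, not verdicts; benign software can trip any of them.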
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    106,204
    Download AVG Anti-Spyware from HERE and save that file to your desktop.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    5. If you have any infections you will be prompted. Then select "Apply all actions."
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file; this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
Short URL to this thread: https://techguy.org/567228