# Hijack log posted: Installed Winzix (uninstalled now) but left with adware!



## gurge (Apr 27, 2007)

Hi everyone! Hope I can get some help here  I made the silly mistake of installing this program called winzix to extract a file, only to find out that this format of file is bogus and upon searching, I realised i installed a trojan. I uninstalled the program already (by conventional means) and now I have ads every random page, in the title it always starts with 'Cid' and I tried to use double inverted commas keys, and seems i keep getting '@'s instead now and when I try to key @s i get "s, not sure if its the work of the virus (but I'm sure it is cause this problem JUST popped up, sigh. I hope I can get some help, and I am not very tech savvy, so I hope I can get help with simple instructions!  Posted is my Hijack log! Thank you so much for any help! I really appreciate it!

Logfile of HijackThis v1.99.1
Scan saved at 10:25:33 PM, on 4/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SMU-VPN\cvpnd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\weiling.neo.2003\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smu.edu.sg/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UploadNewBagsObj] C:\Documents and Settings\All Users\Application Data\tray fork upload new\Bolttwo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BookDate] C:\DOCUME~1\WEILIN~1.200\APPLIC~1\WEBREG~1\typeshimerror.exe
O4 - Global Startup: SMU VPN Client.lnk = C:\Program Files\SMU-VPN\ipsecdialer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CD259AEC-23E6-4E64-8138-7E28D56666D7} (SQFViewer10X Element) - http://www.natuerlich-birkenstock.de/v1/SQFViewer10.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = student.smu.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SMU-VPN\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe


----------



## Cookiegal (Aug 27, 2003)

Hi and welcome to TSG,

Download and unzip the following to a new folder:
http://metallica.geekstogo.com/findlop.zip

Inside the folder locate *findlop.bat*

Double click it and it will create the file C:\findlop.txt
Find that file and copy and paste the contents into your next post.

Also, copy the part in bold below into notepad and save it as direxie.bat
Set File type to "All files"

*cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt*

Start the file by double clicking direxie.bat
That will open a file called directory.txt. Post the content of that file.


----------



## gurge (Apr 27, 2007)

Hi! Thanks for your reply! I did do some measures listed on another site (just removing the CiD prog from control panel etc.) and the popups stopped, but not sure if i'm clean yet, I could still be transmitting info to them right? Anyway, I followed your instructions and here is txt file copied:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'BMMTask.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE'
Parameters: ''
WorkingDirectory: 'C:\PROGRA~1\ThinkPad\UTILIT~1'
Comment: ''
Creator: 'Administrator'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 5
IdleDeadline: 990
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_DISABLED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 1
StartOnlyIfIdle = 1
KillOnIdleEnd = 1
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

42 Triggers

Trigger 0:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 2:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 3:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 4:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 5:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 6:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 7:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 8:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 9:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 10:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 11:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 12:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 13:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 14:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 15:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 16:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 17:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 18:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 19:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 20:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 21:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 22:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 23:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 24:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 25:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 26:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 27:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 28:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 29:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 30:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 31:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 32:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 33:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 34:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 35:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 36:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 37:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 38:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 39:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 40:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 41:
Type: OnIdle
StartDate: 01/01/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/27/2007 16:59:00
NextRun: 05/04/2007 16:59:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 03/14/2007
EndDate: 00/00/0000
StartTime: 16:59
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

*and direxie.bat:*

Volume in drive C has no label.
Volume Serial Number is 9806-6D38

Directory of C:\Documents and Settings\weiling.neo.2003\Application Data

06/09/2004 05:38 PM .
06/09/2004 05:38 PM ..
05/02/2002 03:04 PM IDENTI~1 Identities
05/02/2002 03:19 PM REAL Real
05/02/2002 03:24 PM MICROS~2 Microsoft Web Folders
05/02/2002 03:44 PM ADOBE Adobe
06/21/2002 04:07 PM DRAG'N~1 Drag'n Drop CD
05/08/2003 10:14 AM HELP Help
08/11/2003 04:45 PM ADOBEUM AdobeUM
05/08/2003 10:24 AM 0 dm.ini
06/10/2004 12:51 AM ICQ
06/10/2004 01:05 AM 3M
06/12/2004 04:56 PM MACROM~1 Macromedia
04/20/2007 12:28 AM 124,120 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
06/28/2004 06:44 PM SUN Sun
06/29/2004 11:25 PM LEADER~1 Leadertech
06/29/2004 11:25 PM SONIC Sonic
08/30/2004 04:59 PM RATIONAL Rational
09/09/2004 04:17 PM DOWNLO~1 Download Manager
11/07/2004 12:54 PM MOZILLA Mozilla
11/07/2004 12:54 PM TALKBACK Talkback
02/23/2005 11:22 AM LAVASOFT Lavasoft
02/28/2005 09:29 PM APPLEC~1 Apple Computer
03/06/2005 01:53 AM SKYPE Skype
04/27/2005 04:18 PM KEYSAFE KeySafe
07/30/2005 06:58 PM vlc
08/08/2005 12:57 PM GOOGLE Google
06/03/2006 12:23 PM UTORRENT uTorrent
06/04/2006 04:40 PM last.fm
07/25/2006 11:45 AM PLAYFI~1 PlayFirst
08/05/2006 04:58 PM dvdcss
09/14/2006 09:40 AM GLOBAL~1 GlobalSCAPE
11/08/2006 10:57 AM ZEON Zeon
11/24/2006 06:35 PM TELECA Teleca
11/24/2006 06:35 PM SONYER~1 Sony Ericsson
01/06/2007 06:54 PM SECOND~1 SecondLife
01/06/2007 11:19 PM ADOBEAUM AdobeAUM
03/27/2007 01:37 PM U3
04/28/2007 12:05 AM AVG7
2 File(s) 124,120 bytes
37 Dir(s) 1,287,061,504 bytes free
Volume in drive C has no label.
Volume Serial Number is 9806-6D38

Directory of C:\Documents and Settings\All Users\Application Data

05/02/2002 02:21 PM .
05/02/2002 02:21 PM ..
05/02/2002 03:17 PM QUICKT~1 QuickTime
05/15/2002 07:25 PM SYMANTEC Symantec
06/10/2004 12:46 AM SPYBOT~1 Spybot - Search & Destroy
08/30/2004 04:53 PM MICROS~2 Microsoft Help
09/01/2004 09:10 PM TRYMEDIA Trymedia
12/20/2004 01:38 PM MACROV~1 Macrovision
02/28/2005 09:29 PM APPLEC~1 Apple Computer
03/06/2005 01:53 AM SKYPE Skype
07/20/2005 11:38 PM DVX
09/28/2005 08:20 AM IBM
12/29/2005 12:13 AM WINDOW~1 Windows Genuine Advantage
02/04/2006 08:13 PM POPCAP PopCap
03/23/2007 12:02 AM 2,901 QTSBAN~1 QTSBandwidthCache
07/15/2006 09:00 PM MUMBOJ~1 MumboJumbo
07/25/2006 11:45 AM PLAYFI~1 PlayFirst
10/18/2006 10:11 PM GOOGLE Google
11/08/2006 10:51 AM ZEON Zeon
12/04/2006 08:23 AM ADOBE Adobe
01/06/2007 11:06 PM TELECA Teleca
01/06/2007 11:06 PM SONYER~1 Sony Ericsson
04/27/2007 11:58 PM avg7
04/27/2007 11:58 PM GRISOFT Grisoft
1 File(s) 2,901 bytes
23 Dir(s) 1,287,061,504 bytes free
Volume in drive C has no label.
Volume Serial Number is 9806-6D38

Directory of C:\Program Files

05/02/2002 02:22 PM .
05/02/2002 02:22 PM ..
05/02/2002 02:22 PM COMMON~1 Common Files
05/02/2002 02:39 PM WINDOW~1 Windows NT
05/02/2002 02:40 PM MSNGAM~1 MSN Gaming Zone
05/02/2002 02:40 PM MESSEN~1 Messenger
05/02/2002 02:40 PM ONLINE~1 Online Services
05/02/2002 02:40 PM COMPLU~1 ComPlus Applications
05/02/2002 02:42 PM INTERN~1 Internet Explorer
05/02/2002 02:42 PM OUTLOO~1 Outlook Express
05/02/2002 02:42 PM NETMEE~1 NetMeeting
05/02/2002 02:42 PM WINDOW~3 Windows Media Player
05/02/2002 02:43 PM MOVIEM~1 Movie Maker
05/02/2002 02:48 PM MICROS~1 microsoft frontpage
05/02/2002 02:48 PM xerox
05/02/2002 03:17 PM WINZIP WinZip
05/02/2002 03:19 PM  REAL Real
05/02/2002 03:24 PM MICROS~2 Microsoft Office
05/02/2002 03:32 PM MICROS~3 Microsoft Visual Studio
05/02/2002 03:33 PM MICROS~4 Microsoft ActiveSync
05/02/2002 04:05 PM EUROTOOL EuroTool
05/02/2002 04:12 PM OFFICE~1 OfficeUpdate
05/03/2002 11:59 AM INTEL Intel
05/06/2002 06:51 PM MAGICKEY MagicKey
05/15/2002 07:25 PM SYMANTEC Symantec
12/30/2002 10:10 AM WINDOW~4 Windows Journal Viewer
05/08/2003 10:25 AM ADOBE Adobe
04/27/2007 11:58 PM GRISOFT Grisoft
05/08/2003 03:33 PM VVIEWER VViewer
05/09/2003 08:39 AM CISCOS~1 Cisco Systems
05/16/2003 05:04 PM SMU-VPN
07/07/2003 09:56 AM SYNAPT~1 Synaptics
06/09/2004 05:30 PM THINKPAD ThinkPad
06/09/2004 05:33 PM ltmoh
06/09/2004 05:35 PM IBMREC~1 IBM RecordNow!
06/09/2004 05:36 PM ATITEC~1 ATI Technologies
06/10/2004 12:41 AM WINAMP Winamp
06/10/2004 12:46 AM LAVASOFT Lavasoft
06/10/2004 12:46 AM SPYBOT~1 Spybot - Search & Destroy
06/10/2004 12:48 AM GOOGLE Google
06/10/2004 12:50 AM ICQ
06/10/2004 12:50 AM 456 INSTALL.LOG
06/10/2004 01:04 AM EPSON
06/10/2004 01:04 AM 3M
06/10/2004 11:55 AM MIRC mIRC
06/10/2004 12:38 PM WS_FTP
06/10/2004 01:40 PM SENDFILE SendFile
06/10/2004 04:09 PM MPEGWA~1 MpegWare CD Ripper
06/23/2004 02:52 PM K-LITE~1 K-Lite Codec Pack
06/23/2004 02:55 PM DIVX DivX
06/24/2004 01:00 PM CANON Canon
06/28/2004 04:56 PM CA
06/28/2004 05:21 PM MI6841~1 Microsoft SQL Server
06/28/2004 06:43 PM JAVA Java
08/16/2004 04:12 PM SNES9X Snes9x
08/30/2004 04:30 PM RATION~1 Rational XDE Developer Plus Java Platform Edition
08/30/2004 04:53 PM RATIONAL Rational
09/01/2004 09:10 PM POPCAP~1 PopCap Games
09/09/2004 04:32 PM WINPCAP WinPcap
10/01/2004 08:17 AM AUDACITY Audacity
10/30/2004 01:11 PM INTERA~1 InterActual
11/07/2004 12:54 PM MOZILL~1 Mozilla Firefox
12/20/2004 01:35 PM MACROM~1 Macromedia
01/31/2005 09:32 AM DRUGLO~1 Drug Lord 2
02/06/2005 12:37 AM MSNMES~1 MSN Messenger
02/28/2005 09:28 PM IPOD iPod
03/06/2005 01:53 AM SKYPE Skype
04/21/2005 05:38 PM TRYMEDIA TryMedia
06/16/2005 11:51 PM EXTRAC~1 ExtractNow
07/20/2005 10:15 PM DVDDEC~1 DVD Decrypter
07/20/2005 10:55 PM DVX
07/30/2005 06:27 PM VIDEOLAN VideoLAN
09/05/2005 04:44 PM INFOSY~1 Infosys Technologies Ltd
10/22/2005 03:35 PM MI572C~1 Microsoft GIF Animator
03/30/2006 11:47 PM ITUNES iTunes
03/30/2006 11:48 PM QUICKT~1 QuickTime
06/04/2006 04:40 PM LAST~1.FMP Last.fm Player
07/10/2006 11:08 AM PICASA2 Picasa2
07/25/2006 01:04 PM GAMEHO~1 GameHouse
08/05/2006 01:52 PM AHEAD Ahead
08/30/2006 04:26 PM NCS
08/30/2006 04:27 PM NECVIE~1 NEC Viewtechnology, Ltd_NCS
08/30/2006 05:14 PM VIM Vim
09/14/2006 09:39 AM GLOBAL~1 GlobalSCAPE
09/15/2006 11:41 AM JUDE-C~1 JUDE-Community
09/25/2006 01:37 AM FLVPLA~1 FLVPlayer
10/21/2006 01:12 AM BLUETACK Bluetack
11/08/2006 10:57 AM NITROP~1 Nitro PDF
11/24/2006 06:27 PM DISC2P~1 Disc2Phone
11/26/2006 09:58 AM MSXML4~1.0 MSXML 4.0
01/01/2007 10:44 PM AVISYN~1.5 AviSynth 2.5
01/06/2007 06:54 PM SECOND~1 SecondLife
01/06/2007 11:06 PM SONYER~1 Sony Ericsson
01/22/2007 10:52 PM PEERGU~1 PeerGuardian2
02/23/2007 10:36 AM CAMSTU~1 CamStudio
03/10/2007 12:20 AM BCLTEC~1 BCL Technologies
03/14/2007 10:58 PM APPLES~1 Apple Software Update
04/19/2007 05:01 PM SPSS
04/23/2007 01:13 PM SC
1 File(s) 456 bytes
98 Dir(s) 1,287,061,504 bytes free

Thanks! do tell me if there's anything out of the ordinary (other bad progs not from winzix) I really appreciate the help!


----------



## gurge (Apr 27, 2007)

oops sorry! seems to have double posted!


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## gurge (Apr 27, 2007)

Logfile of HijackThis v1.99.1
Scan saved at 8:55:26 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SMU-VPN\cvpnd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\weiling.neo.2003\Desktop\utorrent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\weiling.neo.2003\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smu.edu.sg/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: SMU VPN Client.lnk = C:\Program Files\SMU-VPN\ipsecdialer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CD259AEC-23E6-4E64-8138-7E28D56666D7} (SQFViewer10X Element) - http://www.natuerlich-birkenstock.de/v1/SQFViewer10.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = student.smu.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.smu.edu.sg
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SMU-VPN\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

Sorry about that! thanks! i get ads, but not CiD ones, but it could have come up when I visit blogspot only :\ so i'm not very sure...


----------



## Cookiegal (Aug 27, 2003)

Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG will now begin the scanning process. Please be patient as this may take a little time.
*Once the scan is complete, do the following:*
If you have any infections you will be prompted. Then select "*Apply all actions.*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go *HERE* to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location. Post the contents of the ActiveScan report

*Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.*


----------

