
Need help with this


  • This topic is locked

#1
desperateuser

    Member

  • Member
  • 11 posts
Hi, I downloaded something which installed this malware by DeluxeCommunications, or DXC. I searched for this and realised that it was actually similar to the SSK malware. I followed the steps and removed it, but that's not the end of the story.

I discovered that there was still this malware on my laptop. I tried following the steps found at http://www.geekstogo...php/t75304.html, but the killVundo.bat file would just display "Killing processes..." and then nothing happens. I can't press anything, not even Ctrl+Alt+Del, so I decided to get help.

Here's my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:00 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NUS-VPN\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\urtclsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\EditPadLite\EditPadLite.exe
C:\Documents and Settings\u0507196\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nus.edu.sg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; 192.168.1.254;<local>
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\vnkihfee.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.nus.edu.sg
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = stu.nus.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: URT Client Service (urtclientservice) - Unknown owner - C:\WINDOWS\System32\urtclsvc.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe

ddcya.dll did not show up on the above log, but it showed up on the v2 BETA log.

Scan saved at 10:13:27 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NUS-VPN\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\urtclsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Documents and Settings\u0507196\Desktop\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nus.edu.sg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; 192.168.1.254;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - blank (file missing)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {3ACD8872-77A3-468F-9EB8-9F9C862C90F1} - blank (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7AC06F58-F80C-4940-A14C-E09FE77F9DD2} - C:\WINDOWS\system32\urqollm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CD8A7CAE-E279-4C0B-A678-2989FDC06AC0} - C:\WINDOWS\system32\ddcya.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\vnkihfee.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.nus.edu.sg
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = stu.nus.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
O20 - Winlogon Notify: urqollm - C:\WINDOWS\SYSTEM32\urqollm.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: URT Client Service (urtclientservice) - Unknown owner - C:\WINDOWS\System32\urtclsvc.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe

I tried searching for urqollm.dll but found nothing on it, so I suspect this file. Then I went to the system32 directory and found urqollm.dll, but no ddcya.dll, even with the "view hidden files" option on.

Help appreciated ASAP, thanks!

Edited by desperateuser, 20 April 2007 - 08:47 AM.

  • 0
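The two logs above are read by hand in this thread, but the signals a helper looks for are mechanical enough to script. The following is an added example (not code from the thread, from HijackThis, or from Geeks to Go) that parses a short constructed subset of the log above and applies defender-side triage rules: an O10 LSP hijack line, O20 Winlogon notify packages outside a small allowlist, unnamed O2 BHOs, rundll32 autoruns that load a DLL from system32, and a cross-reference that flags any DLL registered both as a BHO and as a Winlogon notify package, which is exactly the ddcya.dll / urqollm.dll pattern in the second log. The allowlist `WINLOGON_NOTIFY_OK` and the `SAMPLE_LOG` lines are assumptions constructed for illustration, not a vetted reference.

```python
import re
from dataclasses import dataclass

# Constructed sample: ten lines modelled on the HijackThis log above
# (a subset, not the full log). Paths use the layout HijackThis prints.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7AC06F58-F80C-4940-A14C-E09FE77F9DD2} - C:\WINDOWS\system32\urqollm.dll
O2 - BHO: (no name) - {CD8A7CAE-E279-4C0B-A678-2989FDC06AC0} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - blank (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\vnkihfee.dll",setvm
O10 - Hijacked Internet access by New.Net
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
O20 - Winlogon Notify: urqollm - C:\WINDOWS\SYSTEM32\urqollm.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
"""

# Matches the "Oxx - ..." / "Rx - ..." entry lines HijackThis prints.
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# Captures the basename of the first .dll path on an entry line.
DLL_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\\([^\\"]+\.dll)', re.IGNORECASE)

# Winlogon notify DLLs normally present on Windows XP. Partial and
# illustrative (an assumption of this example), not a vetted reference list.
WINLOGON_NOTIFY_OK = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                      "sclgntfy.dll", "wlnotify.dll", "wzcdlg.dll"}


@dataclass
class Finding:
    entry: str      # the log line (or a synthetic cross-reference line)
    severity: str   # low / medium / high / critical
    reason: str


def parse_entries(text):
    """Return (section, body, raw_line) for every HijackThis entry line."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2), raw.strip()))
    return out


def dll_name(body):
    """Lower-cased basename of the first DLL path in an entry, or None."""
    m = DLL_RE.search(body)
    return m.group(1).lower() if m else None


def in_system32(body):
    return "\\system32\\" in body.lower()


def triage(text):
    """Apply the triage rules and return a list of Finding records."""
    findings = []
    bho_dlls, notify_dlls = set(), set()
    for section, body, raw in parse_entries(text):
        dll = dll_name(body)
        if section == "O10" and "Hijacked" in body:
            findings.append(Finding(raw, "high", "Winsock LSP hijack reported by HijackThis"))
        elif section == "O20" and body.startswith("Winlogon Notify"):
            if dll:
                notify_dlls.add(dll)
            if dll not in WINLOGON_NOTIFY_OK:
                findings.append(Finding(raw, "high",
                                        f"unrecognised Winlogon notify package: {dll or body}"))
        elif section == "O2" and "(no name)" in body:
            if dll is None:
                findings.append(Finding(raw, "low", "orphaned BHO entry, no file on disk"))
            else:
                bho_dlls.add(dll)
                where = "system32" if in_system32(body) else "a non-standard path"
                findings.append(Finding(raw, "medium", f"unnamed BHO loads {dll} from {where}"))
        elif section == "O4" and "rundll32" in body.lower() and dll and in_system32(body):
            findings.append(Finding(raw, "medium", f"rundll32 autorun loads {dll} from system32"))
    # Cross-reference: one DLL registered both as a BHO and as a Winlogon
    # notify package is the pattern the Vundo-style infection above shows.
    for dll in sorted(bho_dlls & notify_dlls):
        findings.append(Finding(f"<cross-reference: {dll}>", "critical",
                                f"{dll} is both a BHO and a Winlogon notify package"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'critical': 2, 'high': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = ["critical", "high", "medium", "low"]
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:8}] {f.reason}\n            {f.entry}")
    print(summarize(results))
```

Run it as a script and it prints the findings ordered by severity; the two critical cross-reference lines are the ones that matter, because a BHO that is also a Winlogon notify package reloads at every logon regardless of which browser is used, which is why the killVundo.bat approach in the first post was needed in the first place. Lines HijackThis marks "(file missing)" are only reported as low: they are stale registry entries, not running code.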



#2
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware scan report. Then do this: download SUPERAntiSpyware Home Edition (free version).
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

  • 0

#3
desperateuser

    Member

  • Topic Starter
  • Member
  • 11 posts
AVG Anti-Spyware log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:02:14 PM 4/21/2007

+ Scan result:
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\__delete_on_reboot__n_e_w_d_o_t_n_e_t_6___3_8_._d_l_l_ -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP335\A0106205.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\f1.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\f4.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\urqollm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\mIRC\zion\plugins\zion_updater.mrc -> Backdoor.Small.o : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\fin5.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.57:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.58:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.59:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.60:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.61:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.62:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.63:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.64:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.65:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.66:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.67:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.68:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.511:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.512:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.513:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.514:C:\Documents and Settings\u0507196\Application Data\Mozilla\Firefox\Profiles\zavc4yj6.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
C:\WINDOWS\system32\micro1\b9.exe -> Trojan.Bantool : Cleaned with backup (quarantined).


::Report end

SuperAntiSpyware log

SUPERAntiSpyware Scan Log
Generated 04/21/2007 at 06:16 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 02:59:59

Memory items scanned : 573
Memory threats detected : 1
Registry items scanned : 8352
Registry threats detected : 7
File items scanned : 110189
File threats detected : 13

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\DDCYA.DLL
C:\WINDOWS\SYSTEM32\DDCYA.DLL
HKLM\Software\Classes\CLSID\{2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4}
HKCR\CLSID\{2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4}
HKCR\CLSID\{2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4}\InprocServer32
HKCR\CLSID\{2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcya

Adware.Tracking Cookie
C:\Documents and Settings\u0507196\Cookies\u0507196@mb[1].txt
C:\Documents and Settings\u0507196\Cookies\u0507196@cgi-bin[2].txt
C:\Documents and Settings\u0507196\Cookies\[email protected][1].txt
C:\Documents and Settings\u0507196\Cookies\u0507196@casalemedia[2].txt
C:\Documents and Settings\u0507196\Cookies\[email protected][2].txt
C:\Documents and Settings\u0507196\Cookies\[email protected][1].txt
C:\Documents and Settings\u0507196\Cookies\u0507196@kanoodle[1].txt
C:\Documents and Settings\u0507196\Cookies\u0507196@mb[2].txt

Trojan.NewDotNet
HKU\S-1-5-21-1086020445-1760312889-1512734326-246431\Software\New.net
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D527826-05BD-4A83-8416-28ACDDA14001}\RP335\A0106213.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D527826-05BD-4A83-8416-28ACDDA14001}\RP335\A0106214.EXE

Trojan.NewDotNet-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D527826-05BD-4A83-8416-28ACDDA14001}\RP335\A0106215.EXE

Adware.DeluxeCommunications
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D527826-05BD-4A83-8416-28ACDDA14001}\RP335\A0106216.EXE

Edited by desperateuser, 21 April 2007 - 04:51 AM.


#4
desperateuser
Member, Topic Starter, 11 posts
Latest HJT log

Logfile of HijackThis v1.99.1
Scan saved at 6:41:33 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NUS-VPN\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\urtclsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\EditPadLite\EditPadLite.exe
C:\Documents and Settings\u0507196\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nus.edu.sg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; 192.168.1.254;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - blank (file missing)
O2 - BHO: (no name) - {2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {3ACD8872-77A3-468F-9EB8-9F9C862C90F1} - blank (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7AC06F58-F80C-4940-A14C-E09FE77F9DD2} - C:\WINDOWS\system32\urqollm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.nus.edu.sg
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = stu.nus.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: urqollm - urqollm.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: URT Client Service (urtclientservice) - Unknown owner - C:\WINDOWS\System32\urtclsvc.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe

Additional stuff

After performing the scan using SuperAntiSpyware, I followed instructions and quarantined and removed the infected files, after which I rebooted. The first two times I tried to reboot, I got an error blue screen while Windows XP was booting up (at that screen with the progress indicator). The third time (which is this time), I rebooted using the last known good configuration. My guess is that, because all previous restore points were removed, XP had problems booting normally since it couldn't find the necessary files.

#5
Daemon
Security Expert, Retired Staff, MVP, 4,356 posts
Let me know if you have further boot problems.

First click here to download LSPFix. Extract the program from the zip file and run it, and make sure you click the "I know what I'm doing" button. Select newdotnet6_38.dll and, using the right-pointing 'arrows', move all instances of newdotnet6_38.dll it mentions to the Remove (RHS) side, but leave everything else (it might already be over there when you open LSPFix). Click the 'Finished' button (if you exit with the X at top right nothing happens).

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - blank (file missing)
O2 - BHO: (no name) - {2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {3ACD8872-77A3-468F-9EB8-9F9C862C90F1} - blank (file missing)
O2 - BHO: (no name) - {7AC06F58-F80C-4940-A14C-E09FE77F9DD2} - C:\WINDOWS\system32\urqollm.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: urqollm - urqollm.dll (file missing)

Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

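Daemon's instructions separate two kinds of leftovers: the dangling Winsock LSP entry (O10), which goes to LSPFix, and the BHO and Winlogon Notify registrations whose DLL is already gone, which HijackThis can drop. The following Python script, an added example that is not part of this thread or of HijackThis itself, picks those entries out of a saved log mechanically so the decision is repeatable rather than eyeballed. It assumes the 1.99.1 log layout shown above (section prefix such as O2 or O20, then the entry, with "(file missing)" or "(no file)" appended where the file is absent); its sample input is constructed from a few lines of the logs in this thread plus two healthy lines that must not be flagged.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of entries copied from the HijackThis
# logs in this thread, plus two healthy lines (Adobe BHO, tphotkey) that a
# triage pass must leave alone. Not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - blank (file missing)
O2 - BHO: (no name) - {2EAAF4F9-006B-4DEC-AD5D-C5C36FC224E4} - (no file)
O2 - BHO: (no name) - {7AC06F58-F80C-4940-A14C-E09FE77F9DD2} - C:\WINDOWS\system32\urqollm.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: urqollm - urqollm.dll (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# "O2 - ..." style entry prefix used by HijackThis 1.99.x logs (assumed layout).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Trailing markers HijackThis appends when the registered file is absent.
MISSING_MARKERS = ("(file missing)", "(no file)")

# Sections where a dangling registration is worth removing: browser helper
# objects, Winlogon notification DLLs and services.
ORPHAN_SECTIONS = {"O2", "O20", "O23"}


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def triage(lines):
    """Return the entries a helper would ask the user to act on."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        if section == "O10" and body.endswith("missing"):
            # A broken Winsock LSP chain is repaired with LSPFix, not by
            # deleting the entry in HijackThis; a missing provider DLL
            # left in the chain is what breaks network access.
            findings.append(Finding(section, line, "broken LSP chain: repair with LSPFix"))
        elif section in ORPHAN_SECTIONS and body.endswith(MISSING_MARKERS):
            findings.append(Finding(section, line, "registration points at a file that no longer exists"))
    return findings


def orphaned_clsids(findings):
    """CLSIDs of orphaned BHOs, to cross-check against anti-spyware registry hits."""
    ids = set()
    for f in findings:
        if f.section == "O2":
            ids.update(CLSID_RE.findall(f.line))
    return sorted(ids)


def triage_sample():
    """Run the triage over the constructed sample log."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print("orphaned BHO CLSIDs:", ", ".join(orphaned_clsids(triage_sample())))
```

The script only reads log text and changes nothing on the machine; the removal itself is still done in HijackThis or LSPFix as described. The CLSID list is useful for cross-checking: the {2EAAF4F9-...} BHO that HijackThis reports as "(no file)" is the same class ID SUPERAntiSpyware listed under Trojan.WinFixer in the registry keys above, which is the kind of correlation that confirms an entry is a leftover rather than a still-loaded component.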
#6
desperateuser
Member, Topic Starter, 11 posts
No reboot problems, thank God.

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 12:43:11 AM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NUS-VPN\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\urtclsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\EditPadLite\EditPadLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\u0507196\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nus.edu.sg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; 192.168.1.254;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.nus.edu.sg
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = stu.nus.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: URT Client Service (urtclientservice) - Unknown owner - C:\WINDOWS\System32\urtclsvc.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe

#7 desperateuser
    Member
  • Topic Starter
  • 11 posts
I was going through my latest HjT log, and I realised another problem, though not as minor.

Previously I installed this Firefox plugin called GetRight, which is supposed to be something like a download manager. However, I didn't like it, so I uninstalled it. The problem is that now I'm still getting redirected to the error page generated by GetRight whenever I click on certain links - I don't know what kind of links will trigger this. It's like this: most of the time, what I see in the status bar is a link to a file; I click it, and then I get a GetRight error page saying that GetRight can't be found, then I'm redirected to another page to do with GetRight.

How can I get rid of this nuisance permanently?

#8 Daemon
    Security Expert
  • Retired Staff
  • 4,356 posts
  • MVP
See if this helps - with only HijackThis running, remove the following entries by checking the box to the left and clicking 'Fix checked':

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
Exit HijackThis when done. Using Windows Explorer, find and delete the following, if there:

C:\Program Files\GetRight <-- folder

Exit Explorer and reboot. Rescan with HijackThis, post a new log here and let me know how it's running now.
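As an added example (not code from this thread, from Daemon, or from the HijackThis project), a small Python triage script for the HijackThis 1.99 log format shown above: it parses the O-section lines, extracts the file path each entry points at, and flags the two kinds of leftovers this post deals with, entries HijackThis itself tagged "(file missing)" and entries still pointing under a program folder that has been uninstalled (here the GetRight O8 entries). The sample lines are constructed from the thread's log format, and the removed-folder list is an assumption.

```python
"""Triage helper for the HijackThis 1.99 log format shown in this thread.
Added example, not code from the forum or from HijackThis. It flags two kinds
of leftovers: entries HijackThis marked "(file missing)", and entries that
still point under a program folder the user has uninstalled. The second check
is needed because HijackThis verifies the file only for some sections: the
two GetRight O8 entries in the log carry no "(file missing)" tag although the
GetRight folder is gone."""
import re
from dataclasses import dataclass
from typing import List, Optional

ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.*)$")
# Drive-letter path up to a known extension; a stray quote (as in the
# sqlservr.exe" -sSQLEXPRESS line) or the line end terminates the match.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|html?|cab|ocx|sys|bat)\b", re.IGNORECASE)


@dataclass
class HjtEntry:
    section: str          # "O8", "O23", ...
    raw: str              # the full log line
    path: Optional[str]   # extracted file path, None if the entry has none
    file_missing: bool    # HijackThis appended "(file missing)"


def parse_hjt(text: str) -> List[HjtEntry]:
    """One HjtEntry per O/R/F/N line; header and process-list lines are skipped."""
    entries = []
    for line in (ln.strip() for ln in text.splitlines()):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        p = PATH_RE.search(body)
        entries.append(HjtEntry(m.group("section"), line,
                                p.group(0) if p else None, "(file missing)" in body))
    return entries


def stale_entries(entries: List[HjtEntry], removed_dirs: List[str]) -> List[HjtEntry]:
    """Entries marked missing, or whose path lies under one of removed_dirs."""
    prefixes = [d.rstrip("\\").lower() + "\\" for d in removed_dirs]
    return [e for e in entries
            if e.file_missing or (e.path is not None and
                                  any(e.path.lower().startswith(p) for p in prefixes))]


# Constructed sample in the thread's log format; a real run would read the
# saved HijackThis logfile instead.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
"""

# Assumption: GetRight is the program the user reports as uninstalled.
REMOVED_DIRS = [r"C:\Program Files\GetRight"]

if __name__ == "__main__":
    for e in stale_entries(parse_hjt(SAMPLE_LOG), REMOVED_DIRS):
        tag = "file missing" if e.file_missing else "under removed folder"
        print(f"[{e.section}] {tag}: {e.path}")
```

The flagged list is a starting point for review, not a removal list: a "(file missing)" service entry may belong to a legitimately uninstalled product, as the SQL Server and Tomcat entries in the log do.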

#9 desperateuser
    Member
  • Topic Starter
  • 11 posts
Can I assume that the previous malware problem of mine is considered solved, since I'm no longer getting those popups? =)

WRT my latest problem, I followed your instructions, though I couldn't find that GetRight folder, and it wasn't hidden either.

Latest HjT log

Logfile of HijackThis v1.99.1
Scan saved at 4:58:32 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NUS-VPN\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\urtclsvc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\EditPadLite\EditPadLite.exe
C:\Documents and Settings\u0507196\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nus.edu.sg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; 192.168.1.254;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.nus.edu.sg
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = stu.nus.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: URT Client Service (urtclientservice) - Unknown owner - C:\WINDOWS\System32\urtclsvc.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe

#10 Daemon
    Security Expert
  • Retired Staff
  • 4,356 posts
  • MVP
Your log is clean - is it still running OK?

#11 desperateuser
    Member
  • Topic Starter
  • 11 posts
No more popups, major problem solved, thank you very much.

Minor problem still persists. For example, I tried to download HijackThis from this forum (clicking on the link above and so on), Firefox still tries to use GetRight to download, and it redirects me here (http://www.getright.com/opera_err.html) cos it failed.

#12 Daemon
    Security Expert
  • Retired Staff
  • 4,356 posts
  • MVP
It seems that the uninstall process messed up rather than it being malware related. Probably better if you start a topic specifically about the GetRight/Firefox issue in this forum:

http://www.geekstogo..._Email-f26.html

where the experts there will help you (my specialty is Security).

#13 desperateuser
    Member
  • Topic Starter
  • 11 posts
Alright then, thank you VERY MUCH! :whistling:

#14 Daemon
    Security Expert
  • Retired Staff
  • 4,356 posts
  • MVP
You're welcome - glad to help :whistling:

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?
As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.