ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 5:32:58 PM, 6/4/2006
+ Report-Checksum: 765B026E
+ Scan result:
[988] VM_00DD0000 -> Downloader.Agent.uj : Error during cleaning
[1012] VM_00A50000 -> Downloader.Agent.uj : Error during cleaning
[1848] VM_00A30000 -> Downloader.Agent.uj : Error during cleaning
[1716] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning
[1116] VM_00AF0000 -> Downloader.Agent.uj : Error during cleaning
[588] VM_00A20000 -> Downloader.Agent.uj : Error during cleaning
[1860] VM_003F0000 -> Downloader.Agent.uj : Error during cleaning
[216] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning
[936] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning
[728] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[1380] VM_003F0000 -> Downloader.Agent.uj : Error during cleaning
[1532] VM_003E0000 -> Downloader.Agent.uj : Error during cleaning
[1432] VM_00D10000 -> Downloader.Agent.uj : Error during cleaning
[800] VM_00C00000 -> Downloader.Agent.uj : Error during cleaning
[356] VM_00EA0000 -> Downloader.Agent.uj : Error during cleaning
[1672] VM_003F0000 -> Downloader.Agent.uj : Error during cleaning
[2108] VM_00930000 -> Downloader.Agent.uj : Error during cleaning
[3292] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning
C:\Documents and Settings\stevyn\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 8:26:16 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\ZCfgSvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\1XConfig.exe
C:\HJT\HijackThis.exe
R3 - Default URLSearchHook is missing
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /M "Stylus C65" /EF "HKCU"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.c...a/SpeedCtrl.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.79.212.24...xctrl_ver65.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094072927074
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....l/sg/games3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.co...80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52CF0454-F467-462D-AC99-28EB8EC03956}: NameServer = 85.255.116.106,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C40F75D-0A03-4A35-90B1-8E8A43677158}: NameServer = 85.255.116.106,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D564E2B-C760-412F-BB35-01DF4D16D091}: NameServer = 85.255.116.106,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{87E64B90-B2C5-4FC7-84E7-3DB417810A16}: NameServer = 85.255.116.106,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{96ECCCA5-A713-4327-8109-B40D72CFB644}: NameServer = 85.255.116.106,85.255.112.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A97C47-AEE2-4A17-862E-2ACE23115311}: NameServer = 85.255.116.106,85.255.112.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{52CF0454-F467-462D-AC99-28EB8EC03956}: NameServer = 85.255.116.106,85.255.112.73
O17 - HKLM\System\CS2\Services\Tcpip\..\{52CF0454-F467-462D-AC99-28EB8EC03956}: NameServer = 85.255.116.106,85.255.112.73
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe