---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:39:00 PM, 5/3/2005
+ Report-Checksum: 39932C52
+ Date of database: 5/4/2005
+ Version of scan engine: v3.0
+ Duration: 48 min
+ Scanned Files: 73395
+ Speed: 25.19 Files/Second
+ Infected files: 26
+ Removed files: 25
+ Files put in quarantine: 25
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Program Files\Common Files\Java\bpt.cfg -> Spyware.Broadcap.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-2409960447-2939561921-2018322775-1003\Dc1.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Bolger.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\ceres.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\drexinit.dll -> Trojan.Agent.co -> Cleaned with backup
C:\WINDOWS\epgevwqka.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\isrvs\desktop.exe -> Spyware.ISearch.d -> Cleaned with backup
C:\WINDOWS\isrvs\edmond.exe -> Trojan.Isearch -> Cleaned with backup
C:\WINDOWS\isrvs\ffisearch.exe -> Spyware.Isearch -> Cleaned with backup
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Spyware.ISearch.e -> Error during cleaning
C:\WINDOWS\isrvs\mfiltis.dll -> Spyware.ISearch.d -> Cleaned with backup
C:\WINDOWS\isrvs\msdbhk.dll -> Spyware.Isearch.a -> Cleaned with backup
C:\WINDOWS\isrvs\sysupd.dll -> TrojanDownloader.Ieser.a -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\sasetup.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\system@myway[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\SYSTEM32\drivers\delprot.sys -> Trojan.Delprot.a -> Cleaned with backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\SYSTEM32\dsktrf.dll -> Spyware.Beginto.b -> Cleaned with backup
C:\WINDOWS\SYSTEM32\dxfwlv.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\SYSTEM32\mgtbyhd.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\SYSTEM32\nss3.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINDOWS\SYSTEM32\rtneg4.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINDOWS\SYSTEM32\thin-94-5-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
::Report End

Logfile of HijackThis v1.99.1
Scan saved at 9:40:12 PM, on 5/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\epgevwqka.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.optonline.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe